Domestic attacks by the Kimsuky group using GoldDragon/BravePrince malware

2021-05-01 Secu I

https://stic.secui.com/main/main/threatInfo?id=25

The report describes domestic attacks attributed to the Kimsuky threat group that use the GoldDragon and BravePrince malware clusters. According to the source, operators approach targets through spear phishing and deliver weaponized documents or malicious files that inject GoldDragon, collect system information, and communicate with command-and-control infrastructure. The follow-on BravePrince payload is described as a persistence and information-collection component that gathers host data and exfiltrates information through email-based mechanisms.

Indicators of Compromise

