{ "type": "bundle", "id": "bundle--b3b64526-5830-476c-a864-042fdb390f83", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--6e8bb7d5-7b5f-42be-8735-9ccac945e040", "created": "2024-05-13T12:27:11.548622Z", "modified": "2024-05-13T12:28:12.552029Z", "name": "Dimitribest", "identity_class": "organization" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--cb709de6-361c-440f-b1ce-ab4d788f910e", "value": "r-e.kr" }, { "type": "file", "spec_version": "2.1", "id": "file--c92758cb-8914-47aa-843e-9715e839861a", "hashes": { "MD5": "8346d90508b5d41d151b7098c7a3e868" } }, { "type": "file", "spec_version": "2.1", "id": "file--914e53de-847b-46dd-b169-e239caabaa03", "hashes": { "MD5": "537806c02659a12c5b21efa51b2322c1" } }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--55234dcf-76e5-4b83-aec5-a23a3c9bd50e", "value": "download.uberlingen.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--faa0f0ad-d629-4af2-b2f9-b390088a70bb", "value": "95.164.62.157" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--cb200650-1284-4951-932d-8662787b9327", "value": "online.viewers.r-e.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--9c5149e7-1a02-4bfe-b75a-434a9eb25dd3", "value": "share.dihl-defence.o-r.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--1e084912-05fe-4098-953c-cbe5bcb39ed0", "value": "cloud.adoubleu.de" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--fcef825d-e9ff-4b34-afec-4ba3fa922ad0", "value": "ecloud.uberlingen.n-e.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--07121559-86e2-4f20-80e2-298b6cac0005", "value": "share-defence.verymad.net" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--9793081b-2a65-4b6d-8f23-5cfb2171ed55", "value": "share-defence.ohbah.com" }, { "type": "url", "spec_version": "2.1", "id": "url--a380b125-abfe-4d55-b0d9-2dba3c2b665a", "value": "http://download.uberlingen.com/index.php" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--681c11be-7b17-43c0-995c-6dfcd56970b6", "value": "share-defence.uberlingen.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--3a75cae6-9020-4c4b-a657-aaec2a866281", "value": "94.131.120.80" }, { "type": "file", "spec_version": "2.1", "id": "file--e0f21978-6d66-4a75-bdd8-86f81cb07114", "hashes": { "MD5": "6e5d5a8d06452852f1ccbc9b6dbab3eb" } }, { "type": "file", "spec_version": "2.1", "id": "file--724ae1fe-6493-46b1-a2c0-14bc34c7dbde", "hashes": { "SHA-256": "f58a9905aad4d82a89a787017f1a357309caa01e2da081d76671f3319c66aa74" } }, { "type": "file", "spec_version": "2.1", "id": "file--56a9fe38-6833-4d53-bc5c-94b045e13d11", "hashes": { "SHA-256": "3314b6ea393e180c20db52448ab6980343bc3ed623f7af91df60189fec637744" } }, { "type": "file", "spec_version": "2.1", "id": "file--da972014-f077-4f7c-a406-ed42485aef96", "hashes": { "SHA-256": "24a42a912c6ad98ab3910cb1e031edbdf9ed6f452371d5696006c9cf24319147" } }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--06751687-c8a3-477d-9d38-0ab4aea0e769", "created": "2026-06-24T22:43:26.841983Z", "modified": "2026-06-24T22:43:26.841983Z", "name": "YARA Rule", "pattern": "rule Kimsuky_Spy_Tool {\r\n\r\nmeta:\r\n description =\"Kimsuky Spy tool\"\r\n author =\"The BlackBerry Research and Intelligence Team\"\r\n date = \"2024-05-23\"\r\n hash =\"3314b6ea393e180c20db52448ab6980343bc3ed623f7af91df60189fec637744\"\r\n version = \"1.0\"\r\n\r\nstrings: \r\n \r\n $a1 = {42 4B 62 68 54 62 7E 58 42 4B 21 3B BA 28 C3 14}\r\n $a2 = {31 40 4E 57 67 79 78 65 48 5C 5F 62 70 64 67 63}\r\n $a3 = {44 24 50 53 71 80 60 0F 11 45 E8 C7 44 24 54 71}\r\n $a4 = {44 24 64 54 57 55 57 49 8B CE C7 44 24 68 47 57}\r\n $b1 = {AE 1B C8 96 70 3F B1 5C 40 32 E2 95 32 48 7C C9 \r\n 65 07 71 A3 B9 98 FC 3F 71 28 3F 1A 24 63 BD C5 \r\n 6B C2 70 17 29 1D 06 1A B9 74 B2 12 CE 06 28 6A\r\n 5C 36 CB 2B 98 68 0D 1A 50 D6 F1 67 51 B8 BC 24 \r\n AE 2B}\r\n \r\ncondition:\r\n uint16(0) == 0x5a4d and ((filesize < 2000KB) and all of ($a*) or any of ($b*))\r\n}", "pattern_type": "yara", "valid_from": "2024-06-07T00:00:00Z" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--4f10d450-90c4-44cb-8166-6d1dd70ed0cc", "value": "qntks.shadir.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--ea5be339-058d-45c5-b93a-4513e6ec4afa", "value": "nero1.r-e.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--56132f7f-4b70-4e4a-b11f-bcbd2f953d4a", "value": "logo.kalbas.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--fb11980b-6aab-45fe-b674-28302189b9a9", "value": "accounts.login.idm.uberlingen.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--412f2a81-6ac5-4fc0-8135-7fcba7dba838", "value": "de.uberlingen.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--938079ce-3eeb-4782-a552-a1c3ae85f405", "value": "news.uberlingen.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--b58310c8-af3e-4a44-9c84-9a693794ab4f", "value": "94.131.9.51" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--2e276edf-cd77-44fa-b708-2a68f224f450", "value": "103.113.70.148" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1", "created": "2026-06-24T22:43:26.849341Z", "modified": "2026-06-24T22:43:26.849341Z", "name": "Kimsuky" }, { "type": "report", "spec_version": "2.1", "id": "report--a69901f1-ddb1-41b3-bcea-a7e6738990f5", "created_by_ref": "identity--6e8bb7d5-7b5f-42be-8735-9ccac945e040", "created": "2026-06-24T22:43:26.852759Z", "modified": "2026-06-24T22:43:26.852759Z", "name": "Kimsuky is targeting an arms manufacturer in Europe", "published": "2024-06-07T00:00:00Z", "object_refs": [ "identity--6e8bb7d5-7b5f-42be-8735-9ccac945e040", "domain-name--cb709de6-361c-440f-b1ce-ab4d788f910e", "file--c92758cb-8914-47aa-843e-9715e839861a", "file--914e53de-847b-46dd-b169-e239caabaa03", "domain-name--55234dcf-76e5-4b83-aec5-a23a3c9bd50e", "ipv4-addr--faa0f0ad-d629-4af2-b2f9-b390088a70bb", "domain-name--cb200650-1284-4951-932d-8662787b9327", "domain-name--9c5149e7-1a02-4bfe-b75a-434a9eb25dd3", "domain-name--1e084912-05fe-4098-953c-cbe5bcb39ed0", "domain-name--fcef825d-e9ff-4b34-afec-4ba3fa922ad0", "domain-name--07121559-86e2-4f20-80e2-298b6cac0005", "domain-name--9793081b-2a65-4b6d-8f23-5cfb2171ed55", "url--a380b125-abfe-4d55-b0d9-2dba3c2b665a", "domain-name--681c11be-7b17-43c0-995c-6dfcd56970b6", "ipv4-addr--3a75cae6-9020-4c4b-a657-aaec2a866281", "file--e0f21978-6d66-4a75-bdd8-86f81cb07114", "file--724ae1fe-6493-46b1-a2c0-14bc34c7dbde", "file--56a9fe38-6833-4d53-bc5c-94b045e13d11", "file--da972014-f077-4f7c-a406-ed42485aef96", "indicator--06751687-c8a3-477d-9d38-0ab4aea0e769", "domain-name--4f10d450-90c4-44cb-8166-6d1dd70ed0cc", "domain-name--ea5be339-058d-45c5-b93a-4513e6ec4afa", "domain-name--56132f7f-4b70-4e4a-b11f-bcbd2f953d4a", "domain-name--fb11980b-6aab-45fe-b674-28302189b9a9", "domain-name--412f2a81-6ac5-4fc0-8135-7fcba7dba838", "domain-name--938079ce-3eeb-4782-a552-a1c3ae85f405", "ipv4-addr--b58310c8-af3e-4a44-9c84-9a693794ab4f", "ipv4-addr--2e276edf-cd77-44fa-b708-2a68f224f450", "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1" ], "external_references": [ { "source_name": "source", "url": "https://www.linkedin.com/pulse/kimsuky-targeting-arms-manufacturer-europe-dmitry-melikov-dquge/" } ] } ] }