New campaign targeting security researchers
2021-01-25 • Google
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. To date, we have only seen these actors targeting Windows systems as a part of this campaign. The DLL is custom malware that would immediately begin communicating with actor-controlled C2 domains.
Indicators of Compromise