SK Hack by an Advanced Persistent Threat

2011-09-24 Commandfive

https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2011/C5_APT_SKHack.pdf

Attachments

C5_APT_SKHack.pdf (371 KB)

The SK Communications breach exposed personal details of up to 35 million CyWorld and Nate users after attackers compromised the update server of a South Korean software company. This supply-chain compromise delivered a trojanized software update that infected more than 60 SK Communications systems before customer data was exfiltrated. The report covers abuse of a trusted update channel, the downstream enterprise compromise, and large-scale theft of personal information, but it offers no reusable indicators beyond the historical infrastructure and malware context listed below.

Indicators of Compromise

Type Value First Seen Last Seen
HASH aba9baea70825e6adf0723587f273dc4 2011-09-24 2011-09-24
HASH 16a31aa8e7ddf66a31551840573b6575 2011-09-24 2011-09-24
HASH 2c645b8dee2789a0d5d1c1e173ca3bb… 2011-09-24 2011-09-24
HASH f84cd73dabf186607f986df98c5402a… 2011-09-24 2011-09-24
HASH b6aecab3c07e915e27db4b4be4c32de… 2011-09-24 2011-09-24
HASH fdf2c5c2b1874efe7fd335092df2d3bc 2011-09-24 2011-09-24
HASH bce1069dd099f15170c5fd05bae921b5 2011-09-24 2011-09-24
HASH 74455d5e8f99272aec64bce106b1e8f… 2011-09-24 2011-09-24
HASH 9f5addc7e0c7c57eab347ba10e9a81a… 2011-09-24 2011-09-24
HASH 6c6adbd087276ae89f8262582798b708 2011-09-24 2011-09-24
DOMAIN diggfunny.com 2011-09-24 2011-09-24
DOMAIN natefan.com 2011-09-24 2011-09-24
DOMAIN ro.diggfunny.com 2011-09-24 2011-09-24
DOMAIN systemexplorer.net 2011-09-24 2011-09-24
DOMAIN bbs.ezxsoft.com 2011-09-24 2011-09-24
DOMAIN projectxz.com 2011-09-24 2011-09-24
DOMAIN daumfan.com 2011-09-24 2011-09-24
DOMAIN soucesp.com 2011-09-24 2011-09-24
DOMAIN bomuls.com 2011-09-24 2011-09-24
DOMAIN download.windowsupdate.co 2011-09-24 2011-09-24
DOMAIN 40korea.com 2011-09-24 2011-09-24
DOMAIN ezxsoft.com 2011-09-24 2011-09-24
DOMAIN cph.com 2011-09-24 2011-09-24
DOMAIN bomul.com 2011-09-24 2011-09-24
DOMAIN update.alyac.org 2011-09-24 2011-09-24
DOMAIN newhose.ntimobile.com 2011-09-24 2011-09-24
DOMAIN edsplan.com 2011-09-24 2011-09-24
DOMAIN code.kryo.se 2011-09-24 2011-09-24
DOMAIN cache.mindplat.com 2011-09-24 2011-09-24
DOMAIN finalcover.com 2011-09-24 2011-09-24
DOMAIN expre.dyndns.tv 2011-09-24 2011-09-24
DOMAIN duamlive.com 2011-09-24 2011-09-24
DOMAIN bbs.afbjz.com 2011-09-24 2011-09-24
DOMAIN mindplat.com 2011-09-24 2011-09-24
DOMAIN xml.ssdsandbox.net 2011-09-24 2011-09-24
IPv4 64.74.223.10 2011-09-24 2011-09-24
IPv4 222.122.20.241 2011-09-24 2011-09-24
IPv4 202.30.224.240 2011-09-24 2011-09-24
IPv4 8.5.1.11 2011-09-24 2011-09-24
IPv4 218.213.229.69 2011-09-24 2011-09-24
IPv4 202.181.170.67 2011-09-24 2011-09-24
IPv4 218.213.229.68 2011-09-24 2011-09-24
IPv4 116.127.121.109 2011-09-24 2011-09-24
IPv4 116.127.121.41 2011-09-24 2011-09-24
IPv4 202.30.244.240 2011-09-24 2011-09-24
IPv4 8.5.1.42 2011-09-24 2011-09-24
IPv4 66.249.89.104 2011-09-24 2011-09-24
IPv4 121.78.237.135 2011-09-24 2011-09-24
IPv4 98.126.8.230 2011-09-24 2011-09-24
IPv4 61.82.71.30 2011-09-24 2011-09-24
IPv4 220.90.209.157 2011-09-24 2011-09-24
IPv4 64.74.223.48 2011-09-24 2011-09-24
IPv4 61.19.250.219 2011-09-24 2011-09-24
IPv4 69.197.132.132 2011-09-24 2011-09-24
IPv4 112.121.171.94 2011-09-24 2011-09-24
IPv4 8.5.1.8 2011-09-24 2011-09-24
