Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities
Common Information
| Type | Value |
|---|---|
| UUID | 0b7c4958-48cf-4ad4-85cf-da05a88961e9 |
| Fingerprint | 85b12163729a4bb57f236d16c42cc14ee3697c49dc9742d6331f03f2c9265b88 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 19, 2023, 9:34 a.m. |
| Added to db | March 10, 2024, 1:18 a.m. |
| Last updated | Aug. 31, 2024, 3:29 a.m. |
| Headline | Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities |
| Title | Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities |
| Detected Hints/Tags/Attributes | 147/3/149 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://go.recordedfuture.com/hubfs/reports/cta-2023-0919.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Autonomous System Number | 20 | AS20473 |
|
| Details | Autonomous System Number | 5 | AS202422 |
|
| Details | Autonomous System Number | 3 | AS206804 |
|
| Details | Autonomous System Number | 10 | AS4766 |
|
| Details | Domain | 546 | www.recordedfuture.com |
|
| Details | Domain | 1 | attachdaum.servecounterstrike.com |
|
| Details | Domain | 1 | attachmaildaum.servecounterstrike.com |
|
| Details | Domain | 1 | attachmaildaum.serveblog.net |
|
| Details | Domain | 1 | logindaums.ddnsking.com |
|
| Details | Domain | 1 | loginsdaum.viewdns.net |
|
| Details | Domain | 1 | bizmeka.com |
|
| Details | Domain | 1 | bizmeka.viewdns.net |
|
| Details | Domain | 1 | hamonsoft.serveblog.net |
|
| Details | Domain | 1 | hanseo1.hopto.org |
|
| Details | Domain | 3 | hometax.go.kr |
|
| Details | Domain | 1 | hometax.onthewifi.com |
|
| Details | Domain | 1 | mailplug.ddnsking.com |
|
| Details | Domain | 1 | minjoo2.servehttp.com |
|
| Details | Domain | 1 | necgo.serveblog.net |
|
| Details | Domain | 1 | pixoneer.myvnc.com |
|
| Details | Domain | 1 | puacgo1.servemp3.com |
|
| Details | Domain | 1 | satreci.bounceme.net |
|
| Details | Domain | 1 | sejonglog.hopto.org |
|
| Details | Domain | 1 | unipedu.servebeer.com |
|
| Details | Domain | 2 | formsgle.freedynamicdns.net |
|
| Details | Domain | 1 | sarang.serveminecraft.net |
|
| Details | Domain | 1 | alleyk.onthewifi.com |
|
| Details | Domain | 1 | anrnet.servegame.com |
|
| Details | Domain | 1 | asheepa.sytes.net |
|
| Details | Domain | 1 | bucketnec.bounceme.net |
|
| Details | Domain | 1 | chsoun.serveftp.com |
|
| Details | Domain | 2 | ckstar.zapto.org |
|
| Details | Domain | 1 | daecheol.myvnc.com |
|
| Details | Domain | 1 | eburim.viewdns.net |
|
| Details | Domain | 1 | eduin21.zapto.org |
|
| Details | Domain | 1 | elecinfonec.servehalflife.com |
|
| Details | Domain | 1 | foodlab.hopto.org |
|
| Details | Domain | 1 | formsgle.freedynamicdns.org |
|
| Details | Domain | 1 | fresh.servepics.com |
|
| Details | Domain | 1 | global.freedynamicdns.net |
|
| Details | Domain | 1 | global.freedynamicdns.org |
|
| Details | Domain | 3 | hairouni.serveblog.net |
|
| Details | Domain | 1 | harvest.my-homeip.net |
|
| Details | Domain | 1 | hwarang.myddns.me |
|
| Details | Domain | 1 | jaminss.viewdns.net |
|
| Details | Domain | 1 | janara.freedynamicdns.org |
|
| Details | Domain | 1 | jeoash.servemp3.com |
|
| Details | Domain | 1 | jstreco.myftp.biz |
|
| Details | Domain | 1 | kanager.bounceme.net |
|
| Details | Domain | 1 | kcgselect.servehalflife.com |
|
| Details | Domain | 1 | kjmacgk.ddnsking.com |
|
| Details | Domain | 1 | kookmina.servecounterstrike.com |
|
| Details | Domain | 1 | ksd22.myddns.me |
|
| Details | Domain | 1 | kumohhic.viewdns.net |
|
| Details | Domain | 1 | kybook.viewdns.net |
|
| Details | Domain | 1 | leader.gotdns.ch |
|
| Details | Domain | 1 | likms.hopto.org |
|
| Details | Domain | 1 | mafolog.serveminecraft.net |
|
| Details | Domain | 1 | mintaek.bounceme.net |
|
| Details | Domain | 1 | munjanara.servehttp.com |
|
| Details | Domain | 1 | pattern.webhop.me |
|
| Details | Domain | 1 | plomacy.ddnsking.com |
|
| Details | Domain | 1 | proeso.servehttp.com |
|
| Details | Domain | 1 | prparty.webhop.me |
|
| Details | Domain | 1 | saevit.servebeer.com |
|
| Details | Domain | 1 | safety.viewdns.net |
|
| Details | Domain | 1 | samgiblue.servegame.com |
|
| Details | Domain | 1 | signga.redirectme.net |
|
| Details | Domain | 1 | skparty.myonlineportal.org |
|
| Details | Domain | 1 | steering.viewdns.net |
|
| Details | Domain | 1 | stjpmsko.serveblog.net |
|
| Details | Domain | 1 | surveymonkey.myddns.me |
|
| Details | Domain | 1 | themiujoo.viewdns.net |
|
| Details | Domain | 1 | tsuago.servehalflife.com |
|
| Details | Domain | 1 | tsuagos.servehalflife.com |
|
| Details | Domain | 1 | visdpaka.servemp3.com |
|
| Details | Domain | 1 | visual.webhop.me |
|
| Details | Domain | 1 | wwl1764.ddnsking.com |
|
| Details | Domain | 265 | recordedfuture.com |
|
| Details | File | 3 | vias.exe |
|
| Details | File | 3 | lbtwiz32.exe |
|
| Details | File | 6 | presentationsettings.exe |
|
| Details | File | 14 | imagingdevices.exe |
|
| Details | File | 34 | hh.exe |
|
| Details | File | 10 | searchfilterhost.exe |
|
| Details | File | 1 | msfltr32.exe |
|
| Details | File | 1 | mysnake.exe |
|
| Details | File | 1 | university.chm |
|
| Details | File | 4 | 1.chm |
|
| Details | File | 2 | 0.chm |
|
| Details | File | 5 | 2.chm |
|
| Details | File | 1 | 4.chm |
|
| Details | sha256 | 1 | 11cd4b64dcac3195c01ffc937ae1eb77aa2f98d560a75347036d54a1cf69a5fd |
|
| Details | sha256 | 1 | 01e5ebc2c096d465800660a0ad6d62208a5b2b675e3700f3734fac225b1d38bd |
|
| Details | sha256 | 1 | a88ca28b0948e810d4eb519db7b72a40cfe7907ce4c6a881a192880278f3c8b5 |
|
| Details | sha256 | 1 | 89f250599e09f8631040e73cd9ea5e515d87e3d1d989f484686893becec1a9bc |
|
| Details | sha256 | 1 | 0ea0b19c562d20c6ac89a1f2db06eedcb147cde2281e79bb0497cef62094b514 |
|
| Details | sha256 | 1 | aa4ad5341a9258330abd732cbab3721d76764f1ff21a8f960622661d701a1a71 |
|
| Details | sha256 | 1 | 8f50f49e77ddcc7ef639a76217b2eb25c48f9ce21ae8341050d0da49b89b7b34 |
|
| Details | sha256 | 1 | ae0f641dc9d33ee50990971104ef1c598e216693700be6b74bb1e9ef373af97c |
|
| Details | sha256 | 1 | 465c7c6a0f23ba5f928fc0d0cdc4d9f6ec89e03dcedafc3d72b3b3c01a54a00c |
|
| Details | sha256 | 1 | 6a59421fd225d90439b6a933458718cf43dbe518c63979e8980bc070c070558a |
|
| Details | sha256 | 1 | df7d584d56af6fcf3cca31ed0d3a4d34abd2c1019b8d223a230f8a78075a7d9a |
|
| Details | sha256 | 1 | 078a8026f32b8d05258285dc527408388c651f6c3eaebc45f8bb3f4b42248631 |
|
| Details | sha256 | 1 | c643598b4ee0e9b3b70dae19437bbec01e881a1ad3b2ec1f6f5c335e552e5d6e |
|
| Details | sha256 | 1 | 9425666e58b200306935c36301d66a4bf2c831ad41ea0ee8984f056257b86eb6 |
|
| Details | sha256 | 1 | a16997954b64499479b4721c9f742b5d2875496f2035e1c654b06694981041b2 |
|
| Details | sha256 | 1 | 0d0acd7e7257a715c10dded76acb233adc8fdfe32857eda060bd1448e8b54585 |
|
| Details | sha256 | 1 | 0ea02fddf2ec96d4aee8adaffda2dd5fab0ea989b0c3f8c1577a1be22ee9153a |
|
| Details | sha256 | 1 | e3cdaa9bfba6bfac616b7f275c1e888b8910efcb8a3df071f68ad1e83710bd61 |
|
| Details | sha256 | 1 | 9fdb528949a2b80ac40cb7d3333bdff5d504294cc3d90cf353db72b8beffd2b2 |
|
| Details | sha256 | 1 | 607f324c3427916d67369e40af72aa441f3ca7be1e0ec6c53c3558fc7a1c4186 |
|
| Details | sha256 | 1 | 8efc5db8c678bdf27dacbf033842c2ef676c979afdc4561cb8d315d2d488491f |
|
| Details | sha256 | 1 | beb09817608daba003589292a6cca2f724c52f756df2ef0e230380345d702716 |
|
| Details | sha256 | 1 | ba07ee6409908384172511563e6b9059cf84121fcb42c54d45c76ec67cb36d7c |
|
| Details | sha256 | 1 | bf1d1f5157756529d650719cc531ec2de94edb66ae1dabd00ed6f4b90a336d9c |
|
| Details | sha256 | 1 | 2dd7c9ea32f5b2a4d431fc54aa68cd76837f80bb324ef2e4e1e5134e467e35af |
|
| Details | sha256 | 1 | 56c9235e55b1a6371762159619e949686d8de2b45a348aeb4fd5bed6a126f66a |
|
| Details | sha256 | 1 | dda47ba7a41c9a2f041cc10f9b058a78e0019315c51cc98d0f356e2054209ae5 |
|
| Details | sha256 | 1 | cf5bbbcb3f4d5123c08635c8fd398e55e516893b902a33cd6f478e8797eea962 |
|
| Details | sha256 | 1 | b3a8ea3b501b9b721f6e371dd57025dc14d117c29ce8ee955b240d4a17bc2127 |
|
| Details | sha256 | 1 | 9d10de1c3c435927d07a1280390faf82c5d7d5465d772f6e1206751400072261 |
|
| Details | sha256 | 1 | 0eea610ec0949dc602a7178f25f316c4db654301e7389ee414c9826783fd64c0 |
|
| Details | sha256 | 1 | 8073593a7311bc23f971352c85ce2034c01d3d3fbbe4f99a8f3825292e8f9f77 |
|
| Details | sha256 | 1 | e1748e7e668d6fc7772e95c08d32f41ad340f4a9acf0e2f933f3cbeba7323afa |
|
| Details | sha256 | 1 | 0d6893c7a3a7afc60b81c136b1dcdfb24b35efab01aac165fe0083b9b981da7c |
|
| Details | sha256 | 1 | 77fbb82690c9256f18544e26bb6e306a3f878d3e9ab5966457ac39631dfd2cb0 |
|
| Details | IPv4 | 3 | 45.133.194.135 |
|
| Details | IPv4 | 1 | 92.38.135.92 |
|
| Details | IPv4 | 1 | 141.164.60.28 |
|
| Details | IPv4 | 1 | 158.247.223.50 |
|
| Details | IPv4 | 1 | 158.247.234.163 |
|
| Details | IPv4 | 619 | 0.0.0.0 |
|
| Details | IPv4 | 1 | 107.148.149.108 |
|
| Details | IPv4 | 1 | 148.163.6.214 |
|
| Details | MITRE ATT&CK Techniques | 310 | T1566.001 |
|
| Details | MITRE ATT&CK Techniques | 137 | T1059.005 |
|
| Details | MITRE ATT&CK Techniques | 365 | T1204.002 |
|
| Details | MITRE ATT&CK Techniques | 380 | T1547.001 |
|
| Details | MITRE ATT&CK Techniques | 70 | T1574.001 |
|
| Details | MITRE ATT&CK Techniques | 15 | T1218.001 |
|
| Details | MITRE ATT&CK Techniques | 48 | T1480 |
|
| Details | MITRE ATT&CK Techniques | 141 | T1518.001 |
|
| Details | MITRE ATT&CK Techniques | 99 | T1132.001 |
|
| Details | MITRE ATT&CK Techniques | 442 | T1071.001 |
|
| Details | MITRE ATT&CK Techniques | 130 | T1573.001 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Threat Actor Identifier by Recorded Future | 4 | TAG-74 |