SharpTongue: pwning your foreign policy, one interview request at a time
Common Information
| Type | Value |
|---|---|
| UUID | 2bbd5ab6-cdef-4c1e-af07-d2a1e3e5ea53 |
| Fingerprint | 2d9f57734d67c9413e7c8bd55e04e733502a85d24862b5726185a505f67b560b |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Sept. 24, 2023, 6:03 p.m. |
| Added to db | April 16, 2024, 7:06 p.m. |
| Last updated | Aug. 31, 2024, 12:01 a.m. |
| Headline | SharpTongue: pwning your foreign policy, one interview request at a time |
| Title | SharpTongue: pwning your foreign policy, one interview request at a time |
| Detected Hints/Tags/Attributes | 117/3/68 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 7 | volexity.com |
|
| Details | Domain | 247 | www.virusbulletin.com |
|
| Details | Domain | 36 | www.volexity.com |
|
| Details | Domain | 167 | www.ic3.gov |
|
| Details | Domain | 96 | malpedia.caad.fkie.fraunhofer.de |
|
| Details | Domain | 124 | www.sentinelone.com |
|
| Details | Domain | 123 | www.reuters.com |
|
| Details | Domain | 1 | www.kinu.or.kr |
|
| Details | Domain | 3 | view.do |
|
| Details | Domain | 434 | medium.com |
|
| Details | Domain | 128 | support.microsoft.com |
|
| Details | Domain | 224 | unit42.paloaltonetworks.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | slimpdf.en.softonic.com |
|
| Details | Domain | 19 | www.huntress.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 2 | www.cse.chalmers.se |
|
| Details | Domain | 23 | httpd.apache.org |
|
| Details | Domain | 403 | securelist.com |
|
| Details | 2 | tlancaster@volexity.com |
||
| Details | File | 2125 | cmd.exe |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 1 | installslimpdfreader.exe |
|
| Details | File | 89 | version.dll |
|
| Details | File | 12 | netutils.dll |
|
| Details | File | 34 | license.txt |
|
| Details | File | 367 | readme.txt |
|
| Details | File | 1 | %appdata%\microsoft\1.bat |
|
| Details | File | 61 | 1.bat |
|
| Details | File | 49 | onedrive.exe |
|
| Details | File | 1 | %appdata%\microsoft\onedrive\secur32.dll |
|
| Details | File | 1 | %appdata%\microsoft\onedrive\version.dll |
|
| Details | File | 1 | %appdata%\microsoft\onedrive\wtsapi32.dll |
|
| Details | File | 66 | normal.dot |
|
| Details | File | 1204 | index.php |
|
| Details | File | 1 | 230601.pdf |
|
| Details | File | 252 | www.cs |
|
| Details | File | 1 | cans20.pdf |
|
| Details | File | 3 | b374k.php |
|
| Details | File | 1 | htaccess.html |
|
| Details | Github username | 7 | volexity |
|
| Details | Github username | 7 | quasar |
|
| Details | Github username | 1 | bennythink |
|
| Details | sha256 | 1 | 4d63c840d5f4022666878b5d6ccd0da54d281fd4751a2c390b8795dfdfc35801 |
|
| Details | IPv4 | 4 | 1.1.5.0 |
|
| Details | MITRE ATT&CK Techniques | 164 | T1574 |
|
| Details | Url | 1 | https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing- |
|
| Details | Url | 1 | https://www.ic3.gov/media/news/2023/230601.pdf |
|
| Details | Url | 1 | https://malpedia.caad.fkie.fraunhofer.de/actor/kimsuky. |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/kimsuky-new-social- |
|
| Details | Url | 1 | https://www.reuters.com/world/asia-pacific/north-korean-cyber-spies-deploy- |
|
| Details | Url | 1 | https://www.kinu.or.kr/eng/board/view.do?nav_ |
|
| Details | Url | 1 | https://blog.google/threat-analysis-group/how-were-protecting-users-from-government-backed-attacks-from- |
|
| Details | Url | 1 | https://medium.com/s2wblog/kimsuky-group-appears-to-be-exploiting-onenote-like-the-cybercrime-group- |
|
| Details | Url | 1 | https://support.microsoft.com/en-us/office/protect-a-document- |
|
| Details | Url | 1 | https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/. |
|
| Details | Url | 1 | https://github.com/volexity/threat-intel. |
|
| Details | Url | 1 | https://slimpdf.en.softonic.com/. |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/4d63c840d5f4022666878b5d6ccd0da54d281fd4751a2c390b8795dfdfc35801. |
|
| Details | Url | 1 | https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood. |
|
| Details | Url | 5 | https://attack.mitre.org/techniques |
|
| Details | Url | 1 | https://www.cse.chalmers.se/~andrei/cans20.pdf |
|
| Details | Url | 1 | https://github.com/quasar/quasar. |
|
| Details | Url | 1 | https://github.com/quasar/quasar/releases. |
|
| Details | Url | 1 | https://github.com/bennythink/typecho_deserialization_exploit/blob/master/b374k.php |
|
| Details | Url | 1 | https://httpd.apache.org/docs/2.4/howto/htaccess.html |
|
| Details | Url | 1 | https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/. |