Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US
Common Information
Type Value
UUID 5a675218-9f5c-4e60-a419-476425f56c81
Fingerprint 00c9d72395ca71d8065cafffd31f07a86de31819219e05ed0616489d9fa8aac7
Analysis status DONE
Considered CTI value 2
Text language
Published April 17, 2019, 9:54 a.m.
Added to db March 9, 2024, 11:45 p.m.
Last updated Aug. 31, 2024, 8:03 a.m.
Headline Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US
Title Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US
Detected Hints/Tags/Attributes 113/3/165
Attributes
Details Type #Events CTI Value
Details Domain 6
post0.open
Details Domain 2
naban.co.kr
Details Domain 4
jmable.mireene.com
Details Domain 3
itoassn.mireene.co.kr
Details Domain 3
jmdesign.mireene.com
Details Domain 4
tdalpacafarm.com
Details Domain 4
christinadudley.com
Details Domain 13
wshell.run
Details Domain 339
system.net
Details Domain 7
seoulhobi.biz
Details Domain 4
login-main.bigwnet.com
Details Domain 2
mohanimpex.com
Details Domain 2
fmchr.in
Details Domain 2
www.seoulhobi.biz
Details Domain 179
hotmail.com
Details Domain 3
nidhelpnaver.com
Details Domain 14
www.blockchain.com
Details Domain 2
www.freelancer.co.kr
Details Domain 4128
github.com
Details Domain 2
wallet.bitshares.org
Details Domain 1
bts.ai
Details Domain 1
www.guru.com
Details Email 3
snow8949@hotmail.com
Details Email 2
jamshine1993@hotmail.com
Details Email 2
om*****@hotmail.com
Details Email 2
rjh917@hotmail.com
Details Email 2
om197019621993@hotmail.com
Details File 8
expres.php
Details File 97
upload.php
Details File 2
keylogger1.ps1
Details File 2
ktmp.log
Details File 2
'taskforcereport.doc
Details File 6
doc.php
Details File 2
'oct_bld_full_view.docm
Details File 22
find.exe
Details File 3
'activex1.bin
Details File 2
'activex10.bin
Details File 2
'activex2.bin
Details File 8
cow.php
Details File 6
exe.gif
Details File 5
cow.gif
Details File 5
'expres.php
Details File 3
'exe.gif
Details File 4
'cow.php
Details File 4
'upload.php
Details File 3
'ttmp.log
Details File 2126
cmd.exe
Details File 1208
powershell.exe
Details File 2
'altcoinminingbot.exe
Details File 8
note.php
Details File 39
image.png
Details File 4
'update.exe
Details File 2
'explorer.tmp
Details File 3
task_force_report.doc
Details File 4
summit-24mar-rev26mar19.doc
Details File 3
taskforcereport.doc
Details File 2
oft.docm
Details File 2
spec.docm
Details File 3
white_paper.doc
Details File 2
schedule_.doc
Details File 2
xcryptocrash_schedule.doc
Details File 2
'white_paper.doc
Details File 2
'xcryptocrash_schedule.doc
Details File 1
bts.ai
Details Github username 1
devaji917
Details Github username 4
kgretzky
Details Github username 2
cryptonotefoundation
Details Github username 1
fungsyujonggu
Details md5 3
d400adcd06e0a07549e2465c9c500c45
Details md5 2
1a6f9190e7c53cd4e9ca4532547131af
Details md5 4
0f77143ce98d0b9f69c802789e3b1713
Details md5 2
cf264f9bca2f2fbcc2c1e7a4a491afec
Details md5 2
b74909e14e25d2e9d1452b77f9927bf6
Details md5 2
599ef2988141d251c3f4ce991a9b5cd2
Details md5 3
e68b11bef48e8e88cba7e3c93fac5eab
Details md5 4
7ca1a603a7440f1031c666afbe44afc8
Details md5 3
60973af3b8ecbbb0ab659124409b7df1
Details md5 3
2ff911b042e5d94dd78f744109851326
Details md5 2
304d86463a1fff5183aacc17ef2b3730
Details md5 2
f816a9c4a3415e8bae807c09e0f80b38
Details md5 2
4118b251c977a682ebb4993601b9a7e3
Details md5 2
29fbf69e72c0daac57d2cbba11bbfaa5
Details md5 3
397ba1d0601558dfe34cd5aafaedd18e
Details md5 3
49bac05068a79314e00c28b163889263
Details md5 2
c94e5da189bf166fc4a2670685a796a3
Details IPv4 2
110.4.107.244
Details IPv4 3
192.186.142.74
Details Url 2
http://naban.co.kr/mobile/skin/member/ctml/v/expres.php?op=1
Details Url 2
http://naban.co.kr/mobile/skin/member/ctml/v/first.hta
Details Url 2
http://naban.co.kr/mobile/skin/member/ctml/v/upload.php
Details Url 2
http://naban.co.kr/mobile/skin/member/ctml/v/second.hta
Details Url 2
http://naban.co.kr/mobile/skin/member/ctml/v/expres.php?op=2
Details Url 2
http://naban.co.kr/mobile/skin/member/ctml/v/keylogger1.ps1
Details Url 3
https://tdalpacafarm.com/files/kr/contents/vkggy0.hta
Details Url 3
https://tdalpacafarm.com//wp-includes/text/diff/common/htqgf0.hta
Details Url 2
https://tdalpacafarm.com//wp-includes/text/diff/common/expres.php?op=1
Details Url 2
https://tdalpacafarm.com//wp-includes/text/diff/common/cow.php?op=exe.gif
Details Url 2
https://tdalpacafarm.com//wp-includes/text/diff/common/cow.php?op=cow.gif
Details Url 2
https://christinadudley.com/public_html/includes/common/qfnaq0.hta
Details Url 2
https://christinadudley.com/public_html/includes/common/expres.php?op=1
Details Url 2
https://christinadudley.com/public_html/includes/common/cow.php?op=normal.src
Details Url 2
https://christinadudley.com/public_html/includes/common/normal.src
Details Url 2
https://christinadudley.com/public_html/includes/common/cow.php?op=exe.gif
Details Url 2
https://christinadudley.com/public_html/includes/common/cow.php?op=cow.gif
Details Url 2
http://jmable.mireene.com/shop/price/com/upload.php
Details Url 3
https://tdalpacafarm.com/files/kr/contents/upload.php
Details Url 2
http://seoulhobi.biz/how/fmaov0.hta
Details Url 2
http://192.186.142.74/cache/fwvuj0.hta
Details Url 2
http://192.186.142.74/cache/expres.php?op=1
Details Url 2
http://192.186.142.74/cache/expres.php?op=2
Details Url 2
http://192.186.142.74/cache/cow.php?op=exe.gif
Details Url 2
http://192.186.142.74/cache/cow.php?op=cow.gif
Details Url 2
http://192.186.142.74/cache/upload.php
Details Url 2
http://192.186.142.74/mn/xtgnb0.hta
Details Url 2
http://192.186.142.74/post/yluhi0.hta
Details Url 2
http://192.186.142.74/dll/mylqn0.hta
Details Url 2
http://192.186.142.74/lib/szgfj0.hta
Details Url 2
http://192.186.142.74/lib/expres.php?op=1
Details Url 2
https://login-main.bigwnet.com/attachment/view/note.php
Details Url 3
https://login-main.bigwnet.com/attachment/view/msgxo0.hta
Details Url 2
https://login-main.bigwnet.com/attachment/view/expres.php?op=1
Details Url 2
https://login-main.bigwnet.com/attachment/view/cow.php?op=normal.src
Details Url 2
https://login-main.bigwnet.com/attachment/view/msgxo.hta
Details Url 2
https://login-main.bigwnet.com/attachment/view/expres.php?op=2
Details Url 2
https://mohanimpex.com/include/tempdoc/891250/doc.php
Details Url 2
https://mohanimpex.com/include/tempdoc/891250/ersrr0.hta
Details Url 2
https://mohanimpex.com/include/tempdoc/891250/expres.php?op=1
Details Url 2
https://mohanimpex.com/include/tempdoc/891250/pkjjy.hta
Details Url 2
https://mohanimpex.com/include/tempdoc/891250/upload.php
Details Url 2
https://mohanimpex.com/include/tempdoc/891250/image.png
Details Url 2
https://fmchr.in/images/common/neacd/qzqrn0.hta
Details Url 2
https://fmchr.in/images/common/neacd/expres.php?op=1
Details Url 2
https://fmchr.in/images/common/neacd/upload.php
Details Url 2
https://fmchr.in/images/common/neacd/cow.php?op=1
Details Url 3
https://christinadudley.com/public_html/includes/common/qfnaq.hta
Details Url 1
https://tdalpacafarm.com//wp-
Details Url 2
http://www.seoulhobi.biz/how/fmaov0.hta
Details Url 2
http://nidhelpnaver.com
Details Url 2
https://www.blockchain.com/ko/btc/address/15vsh2t3ss9owzuagnn7ee155tews4igfg
Details Url 2
https://www.freelancer.co.kr/projects/mobile-phone/develop-bustabit-game
Details Url 2
https://www.freelancer.co.kr/projects/php/javascript-expert-who-can-integrate
Details Url 2
https://www.freelancer.co.kr/projects/c-programming/hidden-vnc-with-back-connection
Details Url 2
https://www.freelancer.co.kr/projects/python/telagram-bitmex-bot
Details Url 2
https://www.freelancer.co.kr/projects/php/perfect-money-payment-gateway-18523359
Details Url 2
https://www.freelancer.co.kr/projects/c-programming/need-expert-18408762
Details Url 2
https://www.freelancer.co.kr/projects/linux/finish-linux-project-18498297
Details Url 2
https://www.freelancer.co.kr/projects/software-architecture/lock-bitings
Details Url 2
https://www.freelancer.co.kr/projects/java/expert-coding
Details Url 2
https://www.freelancer.co.kr/projects/software-architecture/online-game-18406869
Details Url 2
https://www.freelancer.co.kr/projects/php/install-bitcoin-ethereum-full-node
Details Url 2
https://www.freelancer.co.kr/projects/php/send-whatsapp-message
Details Url 2
https://www.freelancer.co.kr/projects/php/crypto-trading-bot-tradingview-scrip
Details Url 2
https://www.freelancer.co.kr/projects/php/cryptocurrency-website-18560239
Details Url 2
https://www.freelancer.co.kr/projects/php/blockchain-dice-game
Details Url 2
https://www.freelancer.co.kr/projects/php/fhg-please-read-request-before
Details Url 2
https://www.freelancer.co.kr/projects/php/proxy-creator-18562916
Details Url 1
https://www.freelancer.co.kr/projects/graphic-design/email-marketing-landing-page-
Details Url 1
https://github.com/devaji917
Details Url 2
https://github.com/kgretzky/evilginx2/issues/253
Details Url 2
https://github.com/cryptonotefoundation/cryptonote/issues/221
Details Url 2
https://github.com/cryptonotefoundation/cryptonote/issues/222
Details Url 2
https://wallet.bitshares.org/#
Details Url 1
https://bts.ai/u/devaji917
Details Url 1
https://www.guru.com/freelancers/devaji917
Details Url 1
https://github.com/fungsyujonggu