Kimsuky Group : Track the King of the Spear-Phishing
Common Information
Type Value
UUID b915eb04-e110-4029-950d-7043be95c920
Fingerprint 9932775958b763c9dee5fb428f20216f9e8c5f9e4c2f558ca088bc2ec46f2f53
Analysis status DONE
Considered CTI value 2
Text language
Published None
Added to db April 14, 2024, 3:44 a.m.
Last updated Aug. 31, 2024, 6 a.m.
Headline Kimsuky Group : Track the King of the Spear-Phishing
Title Kimsuky Group : Track the King of the Spear-Phishing
Detected Hints/Tags/Attributes 73/3/55
Attributes
Details Type #Events CTI Value
Details CVE 11
cve-2016-4171
Details CVE 92
cve-2018-4878
Details Domain 9
www.fsec.or.kr
Details Domain 1
bbsdatalist.do
Details Domain 5
www.koreatimes.co.kr
Details Domain 37
blog.alyac.co.kr
Details Domain 5
threatrecon.nshc.net
Details Domain 317
bit.ly
Details Domain 4
suppcrt-seourity.esy.es
Details Domain 1
www.military.co.kr
Details Domain 3
primary-help.esy.es
Details Domain 1373
twitter.com
Details Domain 4
member-authorize.com
Details Domain 2
ddlove.kr
Details Domain 4128
github.com
Details Domain 4
gyjmc.com
Details Domain 2
ddlovke.kr
Details Domain 2
military.co.kr
Details Domain 3
fsec.or.kr
Details Email 2
jack2@fsec.or.kr
Details File 2
356_261573.html
Details File 380
notepad.exe
Details File 19
core.dll
Details File 3
onedll.dll
Details File 4
fontchk.js
Details File 2
hanyangupload_script.dll
Details File 21
www.mil
Details File 1
시사회.zip
Details File 1
시사회.vbs
Details File 3
reading.php
Details File 4
freedom.dll
Details File 1260
explorer.exe
Details File 26
register.php
Details File 3
join.php
Details File 98
download.php
Details File 1
dowonload.php
Details File 1
miniproxy.php
Details File 7
mail.php
Details File 2
mail_ok.php
Details Github username 1
ostoc
Details md5 4
4de21c3af64b3b605446278de92dfff4
Details md5 4
f22db1e3ea74af791e34ad5aa0297664
Details md5 2
53ac231e8091abcd0978124f9268b4e4
Details md5 2
8b59ea1ee28e0123da82801abc0cce4d
Details IPv4 4
185.224.138.29
Details IPv4 1
211.202.2.51
Details Pdb 1
appleseed.pdb
Details Url 1
http://www.fsec.or.kr/user/bbs/fsec/163/344/bbsdatalist.do
Details Url 1
https://www.koreatimes.co.kr/www/nation/2019/01/356_261573.html
Details Url 2
https://blog.alyac.co.kr/2066
Details Url 1
https://threatrecon.nshc.net/2019/01/30/operation-kitty-phishing
Details Url 1
https://global.ahnlab.com/global/upload/download/techreport/[analysis_report]operation%20kabar%20cobra%20(1).pdf
Details Url 1
http://bit.ly/vb2019_img_malware
Details Url 1
https://twitter.com/anyrun_app/status/1115513990711521280
Details Url 1
http://bit.ly