20231030_Analysis of the Link Between the Kimsuky APT Group's Operation Storm and the BabyShark Family_v5.0 (cover page included)
Common Information
Type | Value |
---|---|
UUID | cf9c3f20-7d20-47e9-b27f-3ebc390a3845 |
Fingerprint | da7d584d69e037a5b3cf3ef90fd5304bbaac72c0d78a99484def8a081b373f10 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | None |
Added to db | May 13, 2024, 4:21 p.m. |
Last updated | Aug. 31, 2024, 6:33 a.m. |
Headline | 20231030_Analysis of the Link Between the Kimsuky APT Group's Operation Storm and the BabyShark Family_v5.0 (cover page included) |
Title | 20231030_Analysis of the Link Between the Kimsuky APT Group's Operation Storm and the BabyShark Family_v5.0 (cover page included) |
Detected Hints/Tags/Attributes | 120/3/192 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 22 | | www.genians.co.kr |
Details | Domain | 1 | | mofa.go.kr |
Details | Domain | 1 | | mofa.go.ci |
Details | Domain | 1 | | kessol.co.kr |
Details | Domain | 1 | | carbontc.co.kr |
Details | Domain | 1 | | unikorea.go.ci |
Details | Domain | 6 | | app.com |
Details | Domain | 1 | | isujeil.co.kr |
Details | Domain | 1 | | ba-reum.co |
Details | Domain | 1 | | mechapia.com |
Details | Domain | 1 | | inonix.co.kr |
Details | Domain | 1 | | heritage2020.ca |
Details | Domain | 1 | | fe24.com |
Details | Domain | 1 | | oxusgreen.co |
Details | Domain | 1 | | ntheweb.net |
Details | Domain | 1 | | yanggucam.desi |
Details | Domain | 1 | | gnsoup.co.kr |
Details | Domain | 1 | | community.org |
Details | Domain | 2 | | bipaf.org |
Details | Domain | 1 | | ages.com |
Details | Domain | 1 | | esonline.org |
Details | Domain | 1 | | list.ph |
Details | Domain | 1 | | heweb.net |
Details | Domain | 1 | | koreawus.com |
Details | Domain | 1 | | jooshineng.co |
Details | Domain | 1 | | eontheweb.ne |
Details | Domain | 1 | | bcommunity.org |
Details | Domain | 1 | | sonline.com |
Details | Domain | 2 | | one.bandi.tokyo |
Details | Domain | 1 | | file.com |
Details | Domain | 4 | | point.com |
Details | Domain | 1 | | up.co.kr |
Details | Domain | 1 | | point.com-def.asia |
Details | Domain | 2 | | ba-reum.co.kr |
Details | Domain | 1 | | ne.com |
Details | Domain | 1 | | nline.org |
Details | Domain | 1 | | orblog.mireene.co |
Details | Domain | 1 | | cainnick002.000webhostapp.com |
Details | Domain | 10 | | mx.open |
Details | Domain | 3 | | www.isujeil.co.kr |
Details | Domain | 228 | | system.io |
Details | Domain | 149 | | system.security |
Details | Domain | 1 | | im.read |
Details | Domain | 1 | | kima.medianewsonline.com |
Details | Domain | 1 | | complletely.mypressonline.com |
Details | Domain | 4 | | mpevalr.ria.monster |
Details | Domain | 4 | | ibsq.co.kr |
Details | Domain | 3 | | beilksa.scienceontheweb.net |
Details | Domain | 1 | | complletely.mywebcommunity.org |
Details | Domain | 1 | | comr.scienceontheweb.net |
Details | Domain | 1 | | dropped.atwebpages.com |
Details | Domain | 4 | | file.com-port.space |
Details | Domain | 1 | | gooogie.mygamesonline.org |
Details | Domain | 4 | | heritage2020.cafe24.com |
Details | Domain | 1 | | infotechkorea.com |
Details | Domain | 3 | | jooshineng.com |
Details | Domain | 1 | | kinu.medianewsonline.com |
Details | Domain | 2 | | orblog.mireene.com |
Details | Domain | 1 | | oxusgreen.co.kr |
Details | Domain | 2 | | samsoding.homm7.gethompy.com |
Details | Domain | 1 | | stommy.mywebcommunity.org |
Details | Domain | 3 | | uppgrede.scienceontheweb.net |
Details | Domain | 1 | | viewfile.ria.monster |
Details | Domain | 2 | | yanggucam.designsoup.co.kr |
Details | Domain | 360 | | attack.mitre.org |
Details | File | 1 | | '북의핵위협양상과한국의대응방향.chm |
Details | File | 1 | | 'email_17107031014.html |
Details | File | 1 | | 대응방향.chm |
Details | File | 29 | | show.php |
Details | File | 1 | | 면담관련.rar |
Details | File | 1 | | 관련.zip |
Details | File | 1 | | '설문조사.doc |
Details | File | 1 | | '종학.doc |
Details | File | 1 | | 질문지.docx |
Details | File | 64 | | list.php |
Details | File | 1 | | 질의서.docx |
Details | File | 1 | | 사안보0331.docx |
Details | File | 1 | | 사이버안전참고자료.doc |
Details | File | 1 | | st.php |
Details | File | 1 | | _수정.doc |
Details | File | 1 | | 설문조사.doc |
Details | File | 3 | | 14.doc |
Details | File | 1 | | ist.php |
Details | File | 1 | | 종학.doc |
Details | File | 1 | | 연례학술회의_안내문.doc |
Details | File | 1 | | 안내_최종.doc |
Details | File | 1 | | einhorn.doc |
Details | File | 1 | | 지급서식.doc |
Details | File | 3 | | state.dot |
Details | File | 1 | | 대응방향.doc |
Details | File | 1 | | 북핵.doc |
Details | File | 13 | | demo.txt |
Details | File | 1 | | questions.chm |
Details | File | 1 | | 대표.chm |
Details | File | 1 | | page_1.html |
Details | File | 4 | | document.dat |
Details | File | 8 | | o.txt |
Details | File | 3 | | mini.dat |
Details | File | 1 | | 대표.chm |
Details | File | 1 | | how.php |
Details | File | 1 | | 소개.chm |
Details | File | 1 | | 료.doc |
Details | File | 1 | | 방법.doc |
Details | File | 1 | | 바이러스문서확인방법.doc |
Details | File | 1 | | 확인방법.doc |
Details | File | 1 | | trump.doc |
Details | File | 2 | | eweerew.php |
Details | File | 98 | | download.php |
Details | File | 1 | | res1.txt |
Details | File | 1 | | 그런데당시여기서사용된'download.php |
Details | File | 1 | | 한국의대응방향.chm |
Details | File | 1 | | 관련.rar |
Details | File | 2 | | 'home.html |
Details | File | 37 | | 'cmd.exe |
Details | File | 1 | | 명령과'certutil.exe |
Details | File | 17 | | home.html |
Details | File | 1 | | 'show.php |
Details | File | 46 | | microsoft.xml |
Details | File | 1 | | %userprofile%\links\desktops.ini |
Details | File | 1 | | 데이터에는악성명령이포함된'desktops.ini |
Details | File | 5 | | 'cscript.exe |
Details | File | 1 | | 아울러'vbscript.exe |
Details | File | 1 | | 값및'desktops.ini |
Details | File | 2 | | 'desktops.ini |
Details | File | 3 | | 'info.txt |
Details | File | 1 | | 통일부인권인도실장면담관련파일로유포된'email_17107031014.html |
Details | File | 1 | | 클릭하면본문내용과함께'통일부인권인도실장면담관련.rar |
Details | File | 1 | | '통일부인권인도실장면담관련.rar |
Details | File | 263 | | iexplore.exe |
Details | File | 1 | | tmp+랜덤숫자9자리조합.vbs |
Details | File | 1 | | tmp298855589.vbs |
Details | File | 4 | | res.ini |
Details | File | 24 | | lib.php |
Details | File | 1 | | 경로의'show.php |
Details | File | 1 | | aesdecrypt.ps1 |
Details | File | 1 | | 깃허브의aesdecrypt.ps1 |
Details | File | 8 | | document.vbs |
Details | File | 1 | | mini.vbs |
Details | md5 | 1 | | 00FF9F067C3ADFFE04E89B0A654865D2 |
Details | md5 | 1 | | 04A0505CC45D2DAC4BE9387768EFCB7C |
Details | md5 | 1 | | 1287F69B59F67AAB247487CDD12DFEF7 |
Details | md5 | 1 | | 12EA0DF10C1C0D23DC4141806DCDBB72 |
Details | md5 | 1 | | 1670BB091DBA017606EA5E763072D45F |
Details | md5 | 1 | | 1FD0ABCCCBC7D4BFDC1A11D4AFA97E6D |
Details | md5 | 1 | | 20CDCC85D0AE460C1B6E612B154E0E16 |
Details | md5 | 1 | | 3E6225639930E59EB451D629C68D6C49 |
Details | md5 | 1 | | 4DE19E2C39B1D193E171DC8D804005A4 |
Details | md5 | 1 | | 55A46A2415D18093ABCD59A0BF33D0A9 |
Details | md5 | 1 | | 71DFDEE26EE08673895E00D6F21DF90F |
Details | md5 | 1 | | 76159EF8239C0EE7C6A6C75F805D6236 |
Details | md5 | 1 | | 8BEE08D7B452B5D51780FB4DCC9CA2BF |
Details | md5 | 1 | | 8EDE7C76CF88723A2A4454793260A970 |
Details | md5 | 1 | | 90A56BC6A66BB4E02265389529757460 |
Details | md5 | 1 | | 96C9A1CFEAD6477982BD5A5279A2E813 |
Details | md5 | 1 | | A199C19A6ACDE21505B21DA9D74562CC |
Details | md5 | 1 | | A3DF25ABAC771A892F6CAF29B140A6EB |
Details | md5 | 1 | | A9276BAE977589F3F670F26B2CB8A9F1 |
Details | md5 | 1 | | B1A444AA1FE1287FDC516E1C2EC9F1B2 |
Details | md5 | 1 | | BF41074E39BB3ABBE4E4640401E7E655 |
Details | md5 | 1 | | D3A317DD167CFA77C976FA9C86C24982 |
Details | md5 | 2 | | DB056ED732D7CABEDCF10E783A349C8C |
Details | md5 | 1 | | DDE1F94B7B8DCD720B6952BA9D71763F |
Details | md5 | 1 | | F5C7538C149CC502D6B937A2965167F0 |
Details | md5 | 2 | | FB5AEC165279015F17B29F9F2C730976 |
Details | md5 | 1 | | FE4DD316363D3631C83C2995DD3775F4 |
Details | IPv4 | 2 | | 218.150.78.197 |
Details | IPv4 | 10 | | 1.4.0.0 |
Details | IPv4 | 4 | | 104.0.0.0 |
Details | MITRE ATT&CK Techniques | 13 | | T1598.002 |
Details | MITRE ATT&CK Techniques | 12 | | T1598.003 |
Details | MITRE ATT&CK Techniques | 15 | | T1585.002 |
Details | MITRE ATT&CK Techniques | 183 | | T1566.002 |
Details | MITRE ATT&CK Techniques | 22 | | T1566.003 |
Details | MITRE ATT&CK Techniques | 460 | | T1059.001 |
Details | MITRE ATT&CK Techniques | 333 | | T1059.003 |
Details | MITRE ATT&CK Techniques | 137 | | T1059.005 |
Details | MITRE ATT&CK Techniques | 365 | | T1204.002 |
Details | MITRE ATT&CK Techniques | 380 | | T1547.001 |
Details | MITRE ATT&CK Techniques | 297 | | T1070.004 |
Details | MITRE ATT&CK Techniques | 504 | | T1140 |
Details | MITRE ATT&CK Techniques | 15 | | T1218.001 |
Details | MITRE ATT&CK Techniques | 433 | | T1057 |
Details | MITRE ATT&CK Techniques | 1006 | | T1082 |
Details | MITRE ATT&CK Techniques | 585 | | T1083 |
Details | MITRE ATT&CK Techniques | 141 | | T1518.001 |
Details | MITRE ATT&CK Techniques | 442 | | T1071.001 |
Details | MITRE ATT&CK Techniques | 422 | | T1041 |
Details | Threat Actor Identifier - APT-C | 15 | | APT-C-55 |
Details | Url | 2 | | https://www.genians.co.kr |
Details | Url | 1 | | http://cainnick002.000webhostap |
Details | Url | 1 | | http://cainnick002.000webhostapp.com/nick/show.php?query=50 |
Details | Url | 4 | | https://attack.mitre.org/tactics/enterprise |