Kimsuky Group: tracking the king of the spear phishing
Common Information

| Type | Value |
|---|---|
| UUID | d5b2351b-6b9e-4378-802f-a182b3276f3a |
| Fingerprint | 806bc70e58d766d5694adb6a6f45611bc53596140fb794d908f303778c160bcc |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 4, 2019, 10:47 a.m. |
| Added to db | April 18, 2024, 10:45 a.m. |
| Last updated | Aug. 31, 2024, 1:15 a.m. |
| Headline | Kimsuky Group: tracking the king of the spear phishing |
| Title | Kimsuky Group: tracking the king of the spear phishing |
| Detected Hints/Tags/Attributes | 67/3/87 |
Attributes
| Type | #Events | Value |
|---|---|---|
| Domain | 247 | www.virusbulletin.com |
| Domain | 3 | fsec.or.kr |
| Domain | 4 | suppcrt-seourity.esy.es |
| Domain | 3 | primary-help.esy.es |
| Domain | 1 | center.pe.hu |
| Domain | 2 | pe.hu |
| Domain | 1 | team.890m.com |
| Domain | 1 | aldiel.16mb.com |
| Domain | 1 | vkcxvkweo.96.lt |
| Domain | 1 | authorize.com |
| Domain | 4 | member-authorize.com |
| Domain | 2 | ddlove.kr |
| Domain | 2 | romanic.fm |
| Domain | 4 | gyjmc.com |
| Domain | 2 | ddlovke.kr |
| Domain | 2 | military.co.kr |
| Domain | 403 | securelist.com |
| Domain | 189 | asec.ahnlab.com |
| Domain | 2 | www.hani.co.kr |
| Domain | 42 | co.kr |
| Domain | 37 | blog.alyac.co.kr |
| Domain | 5 | threatrecon.nshc.net |
| Domain | 10 | global.ahnlab.com |
| Domain | 11 | www.oreilly.com |
| Domain | 268 | www.virustotal.com |
| Domain | 1 | www.hybridanalysis.com |
| Domain | 1 | ip.rst.im |
| Domain | 1373 | twitter.com |
| Domain | 87 | app.any.run |
| Email | 1 | null}@fsec.or.kr |
| File | 19 | core.dll |
| File | 3 | onedll.dll |
| File | 4 | fontchk.js |
| File | 2 | zerodll.dll |
| File | 85 | log.txt |
| File | 2 | script.dll |
| File | 2 | hanyangupload_script.dll |
| File | 10 | 1.vbs |
| File | 7 | mail.php |
| File | 2 | mail_ok.php |
| File | 3 | reading.php |
| File | 98 | download.php |
| File | 1 | 1234.eml |
| File | 4 | freedom.dll |
| File | 3 | join.php |
| File | 1 | onlyfilelist.dll |
| File | 1 | 730395.html |
| File | 2 | 356_261573.html |
| md5 | 3 | 8332be776617364c16868c1ad6b4efe7 |
| md5 | 4 | 4de21c3af64b3b605446278de92dfff4 |
| md5 | 4 | f22db1e3ea74af791e34ad5aa0297664 |
| md5 | 1 | 2FB20830564AC781AFB7D5F422BECFC9 |
| md5 | 2 | 53ac231e8091abcd0978124f9268b4e4 |
| md5 | 2 | 8b59ea1ee28e0123da82801abc0cce4d |
| md5 | 1 | fa2ffcd70fba43dd0653a0ec87863d8a |
| md5 | 1 | 10a120f573874c2af6b9172a26fdc597 |
| md5 | 1 | ae5ddda3749dcd72bc6cf6d658c5e31c |
| md5 | 1 | 0718bfc5957758d22af02e726cb25fe3 |
| md5 | 1 | f38a8ba888c5732236a5e0653826a267 |
| md5 | 1 | 0b65e3f7a40261232dd93f472933fb72 |
| md5 | 1 | b90ed8fe3160ce49d69d000b1005c0c5 |
| md5 | 1 | abafa0cbfbe18afe6dd635d14e7d03d3 |
| md5 | 1 | 6d73e394762022f3cc426b0a37c4e694 |
| md5 | 1 | e3dcfd19a6054f7b436b09e8ea9f37a5 |
| md5 | 1 | 9d453684e78ae95b0833c16ef8df6c4f |
| md5 | 1 | da2eefeb7ff5a13c0d890d4ccc0e35e1 |
| md5 | 1 | 05075cb9a05d0cce7263842c43f5cf8b |
| md5 | 1 | e8d9d604615bd85862dce00bd8121b92 |
| md5 | 1 | cd5bee99bcae12da1d92cd252f30bd86 |
| sha256 | 1 | 5f2ac8672e19310bd532c47d209272bd75075696dea6ffcc47d1d37f18aff141 |
| sha256 | 1 | f7d2780bc7bb24d7525012a566a37c5baeeba79e0d199120c9f3ccaf5ae3448c |
| Threat Actor Identifier by Red Alert | 50 | SectorA05 |
| Url | 2 | https://securelist.com/the-kimsuky- |
| Url | 1 | http://asec.ahnlab.com/993. |
| Url | 1 | http://www.hani.co.kr/arti/print/730395.html |
| Url | 1 | http://www.koreatimes |
| Url | 1 | https://blog.alyac.co.kr/2066. |
| Url | 1 | https://threatrecon.nshc.net/2019/01/30/operation-kitty-phishing/. |
| Url | 5 | https://global.ahnlab.com/global/upload/download/techreport |
| Url | 1 | https://www.oreilly.com/library/view/writing-secure-code/0735617228/. |
| Url | 109 | https://www.virusbulletin.com |
| Url | 3 | https://www.virustotal.com/gui |
| Url | 1 | https://www.hybridanalysis.com |
| Url | 1 | https://ip.rst.im/oui/c48508. |
| Url | 2 | https://www.virustotal.com/gui/fi |
| Url | 1 | https://twitter.com/anyrun_app/status/1115513990711521280. |
| Url | 1 | https://app.any.run/tasks/680af12b-e8c3. |
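The attribute listing above is a flat extraction of the report's indicators mixed in with its citations: the highest event counts belong to reference sites such as twitter.com and www.virusbulletin.com, one e-mail value is extraction-damaged, one MD5 is upper-case, and several URLs are cut off mid-path. Before any of this is loaded into a blocklist it needs to be parsed and triaged. The following Python is an added example, not part of the original page or of any vendor tooling: it parses the page's flattened "Details <Type> <#Events>" / "<Value>" form into records, validates each value by type, and separates usable indicators from citation noise. The sample lines are copied from the listing above as a constructed excerpt; the REFERENCE_HOSTS set is an assumption about which hosts are cited resources rather than actor infrastructure.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the page's attribute listing, in the flattened
# "Details <Type> <#Events>" / "<Value>" form the extractor produced.
SAMPLE = """\
Details Domain 247
www.virusbulletin.com
Details Domain 4
suppcrt-seourity.esy.es
Details Domain 4
member-authorize.com
Details Email 1
null}@fsec.or.kr
Details File 4
fontchk.js
Details md5 1
2FB20830564AC781AFB7D5F422BECFC9
Details md5 3
8332be776617364c16868c1ad6b4efe7
Details sha256 1
5f2ac8672e19310bd532c47d209272bd75075696dea6ffcc47d1d37f18aff141
Details Threat Actor Identifier by Red Alert 50
SectorA05
Details Url 2
https://securelist.com/the-kimsuky-
Details Url 1
http://www.hani.co.kr/arti/print/730395.html
Details Url 3
https://www.virustotal.com/gui
Details Url 1
https://app.any.run/tasks/680af12b-e8c3.
"""

# Assumption: hosts of vendor blogs, sandboxes and social media cited by the
# report. They appear in the listing because the report links to them, not
# because the actor used them; extend this set for your own feeds.
REFERENCE_HOSTS = {
    "www.virusbulletin.com", "www.virustotal.com", "app.any.run", "twitter.com",
    "securelist.com", "asec.ahnlab.com", "www.hybridanalysis.com",
}

HEADER = re.compile(r"^Details (?P<type>.+?) (?P<events>\d+)$")
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
DOMAIN = re.compile(r"(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}")
EMAIL = re.compile(r"[a-z0-9._%+-]+@([a-z0-9-]+\.)+[a-z]{2,}", re.I)


@dataclass
class Ioc:
    type: str
    events: int
    value: str
    status: str  # "ok", "normalized", or why the value must not be used as-is


def check(ioc_type: str, value: str):
    """Validate one attribute; return (normalized_value, status)."""
    t = ioc_type.lower()
    if t in HASH_LEN:
        if re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[t], value, re.I):
            low = value.lower()
            return low, "ok" if low == value else "normalized"
        return value, "malformed hash"
    if t == "email":
        if EMAIL.fullmatch(value):
            return value.lower(), "ok"
        return value, "malformed email (extraction damage)"
    if t == "domain":
        low = value.lower()
        if low in REFERENCE_HOSTS:
            return low, "reference site, not an indicator"
        return (low, "ok") if DOMAIN.fullmatch(low) else (value, "malformed domain")
    if t == "url":
        # A citation URL cut off by the extractor is useless as an indicator.
        if value.endswith(("-", ".")):
            return value, "truncated url"
        host = re.sub(r"^https?://", "", value, flags=re.I).split("/")[0].lower()
        if host in REFERENCE_HOSTS:
            return value, "reference site, not an indicator"
        return value, "ok"
    return value, "ok"  # file names, actor identifiers: kept verbatim


def parse(text: str):
    """Pair each 'Details <Type> <#Events>' header with the value on the next line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records, i = [], 0
    while i + 1 < len(lines):
        m = HEADER.match(lines[i])
        if not m:
            i += 1
            continue
        value, status = check(m["type"], lines[i + 1])
        records.append(Ioc(m["type"], int(m["events"]), value, status))
        i += 2
    return records


def usable(records):
    """Only indicators that survived validation, hashes lower-cased."""
    return [r for r in records if r.status in ("ok", "normalized")]


if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(f"{r.type:<8} {r.events:>4}  {r.status:<36} {r.value}")
```

Run against the excerpt, `usable()` keeps the two attacker-looking domains, the script file name, the three hashes (the upper-case MD5 lower-cased), the SectorA05 identifier and the one intact news URL, while the damaged e-mail, the truncated URLs and the sandbox and vendor hosts are reported with a reason instead of being silently dropped or blocklisted.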