Kimsuky2021年上半年窃密活动总结
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 0a5c6f11-da13-46e5-b261-5dd8af18e306 |
| Fingerprint | 5d6b75572ba779fa |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 21, 2022, midnight |
| Added to db | Sept. 11, 2022, 12:48 p.m. |
| Last updated | Nov. 17, 2024, 11:36 p.m. |
| Headline | Kimsuky2021年上半年窃密活动总结 |
| Title | Kimsuky2021年上半年窃密活动总结 |
| Detected Hints/Tags/Attributes | 16/0/164 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 30 | hanmail.net |
|
| Details | Domain | 1175 | gmail.com |
|
| Details | Domain | 1 | connectter.atwebpages.com |
|
| Details | Domain | 1 | majar.medianewsonline.com |
|
| Details | Domain | 2 | eucie09111.myartsonline.com |
|
| Details | Domain | 1 | hanlight.mygamesonline.org |
|
| Details | Domain | 4 | ftcpark59.getenjoyment.net |
|
| Details | Domain | 1 | manct.atwebpages.com |
|
| Details | Domain | 1 | fabre.myartsonline.com |
|
| Details | Domain | 3 | rukagu.mypressonline.com |
|
| Details | Domain | 1 | quarez.atwebpages.com |
|
| Details | Domain | 1 | waels.onlinewebshop.net |
|
| Details | Domain | 2 | pootball.medianewsonline.com |
|
| Details | Domain | 2 | yanggucam.designsoup.co.kr |
|
| Details | Domain | 2 | samsoding.homm7.gethompy.com |
|
| Details | Domain | 1 | www.mechapia.com |
|
| Details | Domain | 1 | miracle.designsoup.co.kr |
|
| Details | Domain | 1 | cwda.co.kr |
|
| Details | Domain | 4 | heritage2020.cafe24.com |
|
| Details | Domain | 3 | www.inonix.co.kr |
|
| Details | Domain | 3 | beilksa.scienceontheweb.net |
|
| Details | Domain | 3 | koreacit.co.kr |
|
| Details | Domain | 3 | reform-ouen.com |
|
| Details | Domain | 3 | www.anpcb.co.kr |
|
| Details | Domain | 1 | wbg0909.scienceontheweb.net |
|
| Details | Domain | 5 | smyun0272.blogspot.com |
|
| Details | Domain | 3 | alyssalove.getenjoyment.net |
|
| Details | Domain | 1 | 1ive.me |
|
| Details | Domain | 6 | worldinfocontact.club |
|
| Details | Domain | 5 | nuclearpolicy101.org |
|
| Details | Domain | 4 | cvwiq.zip |
|
| Details | Domain | 4 | kr2959.atwebpages.com |
|
| Details | Domain | 1 | klsa.onlinewebshop.net |
|
| Details | Domain | 25 | daum.net |
|
| Details | 1 | donavyk@hanmail.net |
||
| Details | 1 | donavyk@gmail.com |
||
| Details | 1 | dootakim@hanmail.net |
||
| Details | 4 | flower9801@hanmail.net |
||
| Details | 1 | applebox31@daum.net |
||
| Details | 1 | daeknmoon@daum.net |
||
| Details | 1 | shin.kyungjin@daum.net |
||
| Details | File | 1 | 去混淆后使用powershell.exe |
|
| Details | File | 196 | desktop.ini |
|
| Details | File | 1 | 释放version.dll |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 89 | version.dll |
|
| Details | File | 1 | 6c1e.vbs |
|
| Details | File | 1 | mac11_ver.txt |
|
| Details | File | 1 | aqz.bat |
|
| Details | File | 1 | 下一阶段的载荷aqz.bat |
|
| Details | File | 1 | 组件hancon.dll |
|
| Details | File | 1 | 经过我们对hancom.dll |
|
| Details | File | 1 | 我们又关联到了较新的一批hancom.dll |
|
| Details | File | 1 | loader下载释放hancom.dll |
|
| Details | File | 1 | 随后收集信息至pi_000.dat |
|
| Details | File | 2 | pi_001.dat |
|
| Details | File | 1 | 创建傀儡进程svchost.exe |
|
| Details | File | 1 | 注入到傀儡进程iexplorer.exe |
|
| Details | File | 5 | wieb.dat |
|
| Details | File | 4 | cvwiq.zip |
|
| Details | File | 73 | view.php |
|
| Details | md5 | 1 | d7b717134358bbeefc5796b5912369f0 |
|
| Details | md5 | 3 | 6a614ca002c5b3a4d7023faffc0546e1 |
|
| Details | md5 | 1 | bce51419fae8acbeff3149ca53f8baad |
|
| Details | md5 | 3 | 49a04c85555b35f998b1787b325526e6 |
|
| Details | md5 | 1 | c9f23b6ee1ba97c753892e6c103521d6 |
|
| Details | md5 | 1 | 5b2355014f72dc2714dc5a5f04fe9519 |
|
| Details | md5 | 2 | 8ca84c206fe8436dcc92bf6c1f7cf168 |
|
| Details | md5 | 1 | d725efd437d26e01e3b64e722929c01e |
|
| Details | md5 | 1 | 0d36f4f5a1f7bc7d89fbda02be7c2336 |
|
| Details | md5 | 1 | 86c462b8ceffbc10018df2c32e024b29 |
|
| Details | md5 | 1 | 208a3b4565d3041d09448a23a80edf1c |
|
| Details | md5 | 1 | dfbe17d9dfa3f3bb715e1d8348bd1f50 |
|
| Details | md5 | 1 | dc5fa08c7e2bb959042f5572c91ada5e |
|
| Details | md5 | 3 | 1269e2b00fd323a7748215124cb058cd |
|
| Details | md5 | 1 | 9d3b4e82d2c839ffc2887946fb204615 |
|
| Details | md5 | 1 | 5973ba270e9b5ea57c138245ffc39552 |
|
| Details | md5 | 1 | af3288ed7853865d562ccd1f48fa4a16 |
|
| Details | md5 | 2 | 199674e87f437bdbd68884b155346d25 |
|
| Details | md5 | 1 | 04a0505cc45d2dac4be9387768efcb7c |
|
| Details | md5 | 1 | d3a317dd167cfa77c976fa9c86c24982 |
|
| Details | md5 | 1 | d8e817abd5ad765bf7acec5d672cbb8d |
|
| Details | md5 | 1 | 4886f89546c422f5e04c2da33090a201 |
|
| Details | md5 | 1 | 0a68d6a3d0aa9c5a3a4485d314ea8372 |
|
| Details | md5 | 1 | c6437d685f4a489c867b4d2b68f07f1a |
|
| Details | md5 | 1 | 36ad6b5775ac550a36f56467051d2c03 |
|
| Details | md5 | 1 | ec3f771c71a24c165697e26e136daa4a |
|
| Details | md5 | 1 | 9ee9dacd6703c74e959a70a18ebb3875 |
|
| Details | md5 | 1 | 1670bb091dba017606ea5e763072d45f |
|
| Details | md5 | 1 | 21b72a6ed58db07a7f7c16372c3422e2 |
|
| Details | md5 | 1 | 41aba3f7a154fb209beba0e36e6ef3ab |
|
| Details | md5 | 1 | 68a1cc84de7d5802b7251786a8a5da0c |
|
| Details | md5 | 1 | a9b6cf8d8d0a67da4eea269dab16fe99 |
|
| Details | md5 | 1 | fe4dd316363d3631c83c2995dd3775f4 |
|
| Details | md5 | 4 | 0821884168a644f3c27176a52763acc9 |
|
| Details | md5 | 3 | 95c92bcfc39ceafc1735f190a575c60c |
|
| Details | md5 | 1 | e3e40b3eaefeb0c63dd449087a8988ef |
|
| Details | md5 | 1 | FE3AD944D07B66C83DC433C39FC054F4 |
|
| Details | md5 | 1 | D79C92CC5AB70B61B2E174256577EA3A |
|
| Details | md5 | 1 | 9E0B68D23D36A6D276BA204BD8377120 |
|
| Details | md5 | 1 | 12047FD5EF345CE53C92324357BDFFBE |
|
| Details | md5 | 1 | 27EE7CF37FFFFF7809E806F2462AEB00 |
|
| Details | md5 | 1 | FA935505E2A9A7DE6380AB9447D07D2C |
|
| Details | md5 | 2 | 15ec5c7125e6c74f740d6fc3376c130d |
|
| Details | md5 | 1 | 3ecc65085a91044a119abce4f0c0d4de |
|
| Details | md5 | 1 | ec19cd77170b6ac8772c5799fdd88852 |
|
| Details | md5 | 1 | 11ac8609d64e5a5ade83eff92e4f1314 |
|
| Details | md5 | 2 | 1d30dfa5d8f21d1465409b207115ded6 |
|
| Details | md5 | 1 | 37e4865de72c3169d591e16ef8823676 |
|
| Details | md5 | 1 | e69294040dab044805c9d7c47fef4844 |
|
| Details | md5 | 1 | cf5815a1f635dca148ccffeb074b64d5 |
|
| Details | md5 | 1 | c9dae2b42f0b28631dc314a74fa2177f |
|
| Details | md5 | 3 | 0629fd238259d7df7aa22ca82ac6b93e |
|
| Details | md5 | 1 | 425f291cbaee9b44214057642db271a5 |
|
| Details | md5 | 1 | 0e998937644007904f27a1eaffe32df5 |
|
| Details | md5 | 1 | 7a67b8c387f24b782e46601634165681 |
|
| Details | md5 | 1 | 6ec77913e6a359ee4e62909e28c08f1d |
|
| Details | md5 | 1 | 2399df3a222032c188a22df52a49384a |
|
| Details | md5 | 1 | d73239230625afd2d9fa6cce1c6c022c |
|
| Details | md5 | 1 | 4a139f6888790f059ff5e19056ca5664 |
|
| Details | md5 | 1 | 71e480edcb51a02b8460ccc9b2dfa272 |
|
| Details | md5 | 1 | 72d43ff8f9ee0819e96ed7fd7d9a551a |
|
| Details | md5 | 1 | 7f8a4e0dca2e18121af505d9198d81d1 |
|
| Details | md5 | 1 | 523b3401b0fb0e8aec9be70f57686840 |
|
| Details | Url | 1 | http://connectter.atwebpages.com/2612/download.php? |
|
| Details | Url | 1 | http://majar.medianewsonline.com/0812/1.php? |
|
| Details | Url | 1 | http://eucie09111.myartsonline.com/0502/v.php? |
|
| Details | Url | 1 | http://hanlight.mygamesonline.org/2403/v.php? |
|
| Details | Url | 1 | http://ftcpark59.getenjoyment.net/1703/v.php? |
|
| Details | Url | 1 | http://manct.atwebpages.com/ck/uy.txt |
|
| Details | Url | 1 | http://fabre.myartsonline.com/ys/ha.txt |
|
| Details | Url | 3 | http://rukagu.mypressonline.com/le/yj.txt |
|
| Details | Url | 1 | http://quarez.atwebpages.com/ny/ui.txt |
|
| Details | Url | 1 | http://quarez.atwebpages.com/ny/post.php |
|
| Details | Url | 1 | http://quarez.atwebpages.com/ds/le.txt |
|
| Details | Url | 1 | http://waels.onlinewebshop.net/st/wa.txt |
|
| Details | Url | 1 | http://pootball.medianewsonline.com/ro/ki.txt |
|
| Details | Url | 1 | http://yanggucam.designsoup.co.kr/user/views/board/skin/secret/css/list.php?query=1 |
|
| Details | Url | 1 | http://samsoding.homm7.gethompy.com/plugins/dropzone/min/css/list.php?query=1 |
|
| Details | Url | 1 | http://www.mechapia.com/_admin/nicerlnm/web/style/list.php?query=1 |
|
| Details | Url | 1 | http://miracle.designsoup.co.kr/user/views/resort/controller/css/update/list.php?query=1 |
|
| Details | Url | 1 | http://cwda.co.kr/theme/basic/skin/new/basic/update/list.php?query=1 |
|
| Details | Url | 1 | http://cwda.co.kr/theme/basic/skin/new/basic/update/normal.dotm?q=6 |
|
| Details | Url | 1 | http://heritage2020.cafe24.com/plugin/kcpcert/bin/list.php?query=1 |
|
| Details | Url | 1 | http://www.inonix.co.kr/kor/page/product/_notes/list.php?query=1 |
|
| Details | Url | 1 | http://www.inonix.co.kr/kor/page/product/_notes/tmp/?q=6 |
|
| Details | Url | 1 | http://beilksa.scienceontheweb.net/cookie/select/log/list.php?query=1 |
|
| Details | Url | 2 | http://beilksa.scienceontheweb.net/cookie/select/log/tmp?q=6 |
|
| Details | Url | 3 | http://www.inonix.co.kr/kor/board/widgets/mcontent/skins/tmp?q=6 |
|
| Details | Url | 3 | http://koreacit.co.kr/skin/new/basic/update/temp?q=6 |
|
| Details | Url | 3 | https://reform-ouen.com/wp-includes/css/dist/nux/dotm/dwn.php?id=0119 |
|
| Details | Url | 3 | http://www.anpcb.co.kr/plugin/sns/facebook/src/update/normal.dotm?q=6 |
|
| Details | Url | 1 | http://wbg0909.scienceontheweb.net/0412/download.php? |
|
| Details | Url | 5 | https://smyun0272.blogspot.com/2021/06/dootakim.html |
|
| Details | Url | 1 | http://alyssalove.getenjoyment.net/0423/v.php? |
|
| Details | Url | 1 | https://1ive.me/ww/mac/0526_sim/d.php?na=version.gif |
|
| Details | Url | 2 | https://onedrive.live.com/?authkey= |
|
| Details | Url | 1 | https://worldinfocontact.club/111/mac3.php?na= |
|
| Details | Url | 1 | https://worldinfocontact.club/111/bill/cow.php?op=1drop.bat |
|
| Details | Url | 1 | https://worldinfocontact.club/111/bill/expres.php?op=2 |
|
| Details | Url | 1 | http://nuclearpolicy101.org/wp-admin/includes/0421/d.php?na=dot.gif |
|
| Details | Url | 2 | http://nuclearpolicy101.org/wp-admin/includes/0421/d.php?na=vbtmp |
|
| Details | Url | 2 | http://kr2959.atwebpages.com/view.php?id=2 |
|
| Details | Url | 2 | http://kr2959.atwebpages.com/view.php?id=21504 |