Kimsuky deploys TRANSLATEXT to target South Korean academia
Common Information
Type Value
UUID 3d8983ba-efbe-48bd-adab-0eeac7c58aa8
Fingerprint 2c4e94d20db622c1
Analysis status DONE
Considered CTI value 2
Text language
Published July 1, 2024, midnight
Added to db Aug. 31, 2024, 10:41 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Kimsuky deploys TRANSLATEXT to target South Korean academia
Title Kimsuky deploys TRANSLATEXT to target South Korean academia
Detected Hints/Tags/Attributes 94/3/62
RSS Feed
Id Enabled Feed title Url Added to db
405 Blogs Feed https://www.zscaler.com/blogs/feeds 2024-08-30 22:08
Attributes
Type #Events CTI Value
Github username 1
helperdav
md5 1
bba3b15bad6b5a80ab9fa9a49b643658
md5 1
38e27983c757374d9bae36a2e2520e8e
MITRE ATT&CK Techniques 460
T1059.001
MITRE ATT&CK Techniques 30
T1176
MITRE ATT&CK Techniques 125
T1555.003
MITRE ATT&CK Techniques 219
T1113
MITRE ATT&CK Techniques 442
T1071.001
MITRE ATT&CK Techniques 18
T1102.001
MITRE ATT&CK Techniques 422
T1041
Threat Actor Identifier - APT 115
APT43
Windows Registry Key 1
HKCU\Software\Policies\Google\Chrome\ExtensionInstallForcelist