ioc[.]one - OSINT Cyber Threat Intelligence Database

OnionDog is not a Targeted Attack—It’s a Cyber Drill

Tags

country:	North Korea South Korea United States Of America
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Bypass User Account Control - T1548.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003 Bypass User Account Control - T1088

Show in Graph

Common Information

Type	Value
UUID	4d891d28-2bc5-4acb-86c8-7a35e379060d
Fingerprint	2489db84b2a09e
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 9, 2017, midnight
Added to db	Oct. 15, 2024, 5:11 p.m.
Last updated	Nov. 18, 2024, 12:28 p.m.
Headline	OnionDog is not a Targeted Attack—It’s a Cyber Drill
Title	OnionDog is not a Targeted Attack—It’s a Cyber Drill
Detected Hints/Tags/Attributes	61/3/34

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_ca/research/17/h/oniondog-not-targeted-attack-cyber-drill.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	korea.kr.ncsc.go.kr
Details	Domain	1	cyber.ncsc.go.kr
Details	Domain	1	drill12.ncsc.go.kr
Details	Domain	1	dril113.ncsc.go.kr
Details	Domain	2	ncsc.go.kr
Details	Domain	1	drill14.kr.ncsc.go.kr
Details	Domain	1	onion.city
Details	File	1260	explorer.exe
Details	sha256	2	dbb0878701b8512daa057c93d9653f954dde24a25306dcee014adf7ffff0bdb4
Details	sha256	2	f8c71f34a6cfdc9e3c4a0061d5e395ffe11d9d9e77abe1a5d4b6f335d08da130
Details	sha256	2	7564990506f59660c1a434ce1526b2aea35a51f97b8a490353eece18ec10b910
Details	sha256	2	8b91cfd40529b5667bbdab970d8dba05fca0952fffba8ccbb1ad9549d204ba85
Details	sha256	2	e20d0a8e1dec96ed20bd476323409f8f5c09531777207cfeda6b7f3573426104
Details	sha256	2	7461e8b7416bf8878d20a696a27ccf378c93afc6c8f120840c3738b9508839d2
Details	sha256	2	04e87e473d34974874dd0a5289433c95ef27a3405ba9ad933800b1b855e6e21a
Details	sha256	2	caf4b03118e5c5580c67b094d58389ade565d5ae82c392bb61fc0166063e845a
Details	sha256	2	46fb5bcea417d7ff38edff7e39982aa9f89f890a97d8a0218b6c0f96a5e9bad2
Details	sha256	2	1ffa34f88855991bdc9a153e01c9e18074ba52a773f4da390c4b798df6e6dc4e
Details	sha256	2	fa5799c25b5ea2ecb24ee982a202e68aad77db7e6b18f37151fa744010f69979
Details	sha256	2	1e926d83c25320bcc1f9497898deac05dff096b22789f1ac1f63c46d2c1c16a7
Details	sha256	2	65d226469d6bdb1e7056864fe6d3866c8c72613b6b61a59547ef9c36eda177dd
Details	sha256	2	0ea456fd1274a784924d27beddc1a5caa4aa2f8c5abdf86eb40637fe42b43a7f
Details	sha256	2	b35b7a1b437d5998b77e10fdbf166862381358250cf2d1b34b61cf682157ff19
Details	sha256	2	6dd79b5b9778dc0b0abefa26193321444236a1525d03227f150e6e968999fea5
Details	sha256	2	999c1d4c070e6817c3d447cf9b9869b63e82c21c6e01c6ea740fbed38b730e6e
Details	sha256	2	19e3aa92bc16915d9f3ff17731caf43519169fddda4910ad5becb71ef87a29d5
Details	sha256	2	fd03f3f65979ec7b8b6055f92f023b08f57c3095557d1f00d88f01f4d4cb46b7
Details	IPv4	1	221.149.223.209
Details	IPv4	1	112.169.154.65
Details	IPv4	1	221.149.32.213
Details	IPv4	1	220.85.160.3
Details	IPv4	1	222.107.13.113
Details	IPv4	1	218.145.131.130
Details	IPv4	1	218.153.172.53