Analysis of APT-C-60 Attack on South Korea
Common Information
Type | Value
UUID | 51996546-7d55-4100-a3ed-eba237897693
Fingerprint | 318d1959efe5070c
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Dec. 20, 2022, midnight
Added to db | Dec. 17, 2024, 10:55 a.m.
Last updated | Dec. 17, 2024, 10:59 a.m.
Headline Details
Title | Analysis of APT-C-60 Attack on South Korea
Detected Hints/Tags/Attributes | 79/3/81
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT-C 46
APT-C-60