Korea In The Crosshairs
Common Information
Type Value
UUID a2cff220-52f9-4a61-8bd5-98162bd0237c
Fingerprint 2844095b0585cfcb
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 16, 2018, 12:57 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Vulnerability Information
Title Korea In The Crosshairs
Detected Hints/Tags/Attributes 113/4/115
Attributes
Details Type #Events CTI Value
Details CVE 7
cve-2013-0808
Details CVE 269
cve-2017-0199
Details Email 3
kgf2016@yonsei.ac.kr
Details Pdb 3
e:\happy\work\source\version 12\t+m\result\docprint.pdb
Details Pdb 1
erasepartition.pdb
Details Pdb 2
e:\big_pooh\project\milk\release\milk.pdb
Details Pdb 3
d:\highschool\version 13\2ndbd\t+m\t+m\result\docprint.pdb
Details Pdb 2
dogcall.pdb
Details Url 1
http://blog.talosintelligence.com/2017/02/korean-maldoc.html
Details Url 2
http://blog.talosintelligence.com/2017/04/introducing-rokrat.html
Details Url 2
http://blog.talosintelligence.com/2017/11/rokrat-reloaded.html
Details Windows Registry Key 7
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows
Details Windows Registry Key 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\runsample
Details Windows Registry Key 4
HKLM\System\CurrentControlSet\Services\mssmbios\Data\SMBiosData