Tracking ‘Kimsuky’, the North Korea-based cyber espionage group: Part 1
Tags
country: North Korea South Korea Norway United Kingdom
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002
Show in Graph
Common Information
Type Value
UUID c2b7c2c7-3ee8-4511-878c-2f3afa14e939
Fingerprint 31f8cdb3011f06e0
Analysis status DONE
Considered CTI value 1
Text language
Published Feb. 18, 2020, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 8, 2024, 9:30 a.m.
Headline Tracking ‘Kimsuky’, the North Korea-based cyber espionage group: Part 1
Title Tracking ‘Kimsuky’, the North Korea-based cyber espionage group: Part 1
Detected Hints/Tags/Attributes 48/3/13
Source URLs
Redirection Url
Details Source https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-1.html
Details Source https://www.pwc.co.uk/issues/cyber-security-services/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-1.html
URL Provider
Details Provider Source level domain
Details pwc.co.uk www.pwc.co.uk
Attributes
Details Type #Events CTI Value
Details Domain 1 
user-daum-centre.pe.hu
Details Domain 2 
rrnaver.com
Details Domain 1 
nortice-centre.esy.es
Details Domain 1 
kakao-check.esy.es
Details Domain 2 
pe.hu
Details Domain 1 
hol.es
Details Domain 2 
esy.es
Details Domain 1 
890m.com
Details IPv4 1 
185.224.137.0
Details IPv4 1 
185.224.138.0
Details IPv4 2 
185.224.137.164
Details Threat Actor Identifier - APT 277 
APT37
Details Url 1 
http://nortice-centre.esy.es/down