Kimsuky’s GoldDragon cluster and its C2 operations
Tags
Common Information
| Type | Value |
|---|---|
| UUID | e5902686-89dd-455f-a0f0-47de2112f25f |
| Fingerprint | a482a0d33d668f0f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 25, 2022, 1 a.m. |
| Added to db | Sept. 11, 2022, 12:46 p.m. |
| Last updated | Nov. 17, 2024, 9:42 p.m. |
| Headline | Kimsuky’s GoldDragon cluster and its C2 operations |
| Title | Kimsuky’s GoldDragon cluster and its C2 operations |
| Detected Hints/Tags/Attributes | 77/2/159 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 223 | ✔ | Securelist | https://securelist.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | weworld59.myartsonline.com |
|
| Details | Domain | 49 | mail.google.com |
|
| Details | Domain | 31 | naver.com |
|
| Details | Domain | 3 | kisa.or.kr |
|
| Details | Domain | 2 | leehr24.mywebcommunity.org |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 15 | objshell.run |
|
| Details | Domain | 4 | winhttpreq.open |
|
| Details | Domain | 22 | blogspot.com |
|
| Details | Domain | 2 | ac.kr |
|
| Details | Domain | 1174 | gmail.com |
|
| Details | Domain | 2 | attach.42web.io |
|
| Details | Domain | 2 | attachment.a0001.net |
|
| Details | Domain | 2 | bigfile.totalh.net |
|
| Details | Domain | 2 | clouds.rf.gd |
|
| Details | Domain | 2 | global.onedriver.epizy.com |
|
| Details | Domain | 2 | global.web1337.net |
|
| Details | Domain | 2 | leehr36.mypressonline.com |
|
| Details | Domain | 2 | weworld78.atwebpages.com |
|
| Details | Domain | 2 | weworld79.mygamesonline.org |
|
| Details | Domain | 2 | glib-warnings.000webhostapp.com |
|
| Details | Domain | 4 | 0knw2300.mypressonline.com |
|
| Details | Domain | 2 | 21nari.getenjoyment.net |
|
| Details | Domain | 2 | 21nari.mypressonline.com |
|
| Details | Domain | 2 | 21nari.scienceontheweb.net |
|
| Details | Domain | 2 | chmguide.atwebpages.com |
|
| Details | Domain | 2 | chunyg21.sportsontheweb.net |
|
| Details | Domain | 2 | faust22.mypressonline.com |
|
| Details | Domain | 2 | hochdlincheon.mypressonline.com |
|
| Details | Domain | 2 | hochuliasdfasfdncheon.mypressonline.com |
|
| Details | Domain | 2 | hochulidncheon.mypressonline.com |
|
| Details | Domain | 2 | hochulincddheon.mypressonline.com |
|
| Details | Domain | 2 | hochulincheon.mypressonline.com |
|
| Details | Domain | 1 | hochulindcheon.mypressonline.com |
|
| Details | Domain | 1 | hochulindddcheon.mypressonline.com |
|
| Details | Domain | 1 | hochulinsfdgasdfcheon.mypressonline.com |
|
| Details | Domain | 2 | koreajjjjj.atwebpages.com |
|
| Details | Domain | 3 | koreajjjjj.sportsontheweb.net |
|
| Details | Domain | 2 | kpsa20201.getenjoyment.net |
|
| Details | Domain | 3 | o61666ch.getenjoyment.net |
|
| Details | Domain | 4 | yulsohnyonsei.atwebpages.com |
|
| Details | Domain | 4 | yulsohnyonsei.atwewbpages.com |
|
| Details | Domain | 3 | yulsohnyonsei.medianewsonline.com |
|
| Details | Domain | 2 | dmengineer.co.kr |
|
| Details | Domain | 2 | 225b4d3c305f43e1a590.blogspot.com |
|
| Details | Domain | 2 | 3a8f846675194d779198.blogspot.com |
|
| Details | Domain | 2 | c52ac2f8ac0693d8790c.blogspot.com |
|
| Details | Domain | 2 | leejong-sejong.blogspot.com |
|
| Details | 1 | lee****@gmail.com |
||
| Details | 1 | chon****@naver.com |
||
| Details | 1 | scc*****@naver.com |
||
| Details | 1 | thk*****@naver.com |
||
| Details | 1 | kim*****@gmail.com |
||
| Details | 1 | jung******@gmail.com |
||
| Details | 1 | sung*********@gmail.com |
||
| Details | File | 98 | download.php |
|
| Details | File | 1 | v.doc |
|
| Details | File | 1 | un.doc |
|
| Details | File | 1 | _downhistory.txt |
|
| Details | File | 1205 | index.php |
|
| Details | File | 2 | allow.txt |
|
| Details | File | 4 | error.txt |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 4 | h.php |
|
| Details | File | 85 | log.txt |
|
| Details | File | 4 | h.txt |
|
| Details | File | 49 | info.php |
|
| Details | File | 17 | s.php |
|
| Details | File | 1 | defs.ini |
|
| Details | File | 48 | 1.html |
|
| Details | File | 1 | 사례비지급의뢰서.doc |
|
| Details | File | 1 | honorarium.doc |
|
| Details | File | 1 | 외교안보전망-봉영식.doc |
|
| Details | File | 1 | kima_2022_4_신정부의_외교안보전망_봉영식.doc |
|
| Details | File | 1 | v0412.doc |
|
| Details | File | 1 | 심사논문.doc |
|
| Details | File | 1 | 참고자료.doc |
|
| Details | File | 1 | kisa_readme.chm |
|
| Details | File | 1 | dwonload.php |
|
| Details | md5 | 3 | 238e6952a990fd3f6b75569feceb26a2 |
|
| Details | md5 | 3 | edde6a385c86f60342831f24c3651925 |
|
| Details | md5 | 3 | b6ba7e07b4867e4bd36dc9713744aedc |
|
| Details | md5 | 3 | 7a3e966d30fe5d52cfe97d998e8c49cb |
|
| Details | md5 | 3 | 596251e844abdaa77eeca905f0cb7677 |
|
| Details | md5 | 3 | 3fa45dcacf2193759086319c0d264341 |
|
| Details | md5 | 3 | 75ae786fe89491dc57509801c212fa8b |
|
| Details | md5 | 3 | c0097cfa2e05ab1d18cf3dad93d98050 |
|
| Details | md5 | 3 | b80d15cbb729e6ca86e3b41924407c30 |
|
| Details | md5 | 3 | 85f24b0f10b77b033e6e66ae8b7d55fc |
|
| Details | md5 | 3 | 40de99fb06e52e3364f2cd70f100ff71 |
|
| Details | md5 | 2 | 5f38c57f83ee5d682ddf692442204fba |
|
| Details | md5 | 3 | b237b484c5c0fb020952e99b1134a527 |
|
| Details | md5 | 3 | 96f5ef3d58a750a6db60f2e0566dc6e6 |
|
| Details | md5 | 3 | 3265b2d5e61971c43a076347fb405c4b |
|
| Details | md5 | 3 | d9f2acfed7ede76f110334e2c572b74e |
|
| Details | md5 | 3 | c4a69dab3f8369d2f823c538590de345 |
|
| Details | md5 | 3 | 490b2496434e6a20dae758d0b6fc6e00 |
|
| Details | md5 | 3 | 56b5fec59e118ba324ccee8a336f7f12 |
|
| Details | md5 | 3 | 56df55ef50e9b9c891437c7148a0764a |
|
| Details | md5 | 3 | 8289771e7eeffd28fb8a9e1bdeb3e86c |
|
| Details | md5 | 3 | dfb8d00ce89172bfc7ee7b73b37129a9 |
|
| Details | md5 | 3 | 7fb868e6baf93a86d7a6a17ac00f4827 |
|
| Details | Url | 9 | https://mail.google.com |
|
| Details | Url | 2 | http://leehr24.mywebcommunity.org/h.php |
|
| Details | Url | 2 | http://leehr36.mypressonline.com/h.php |
|
| Details | Url | 2 | http://weworld59.myartsonline.com/h.php |
|
| Details | Url | 2 | http://weworld78.atwebpages.com/info.php?ki87ujhy= |
|
| Details | Url | 2 | http://weworld78.atwebpages.com/s.php |
|
| Details | Url | 2 | http://weworld78.atwebpages.com/hta.php |
|
| Details | Url | 2 | http://weworld79.mygamesonline.org/hta.php |
|
| Details | Url | 2 | http://glib-warnings.000webhostapp.com/info.php?ki87ujhy= |
|
| Details | Url | 2 | http://glib-warnings.000webhostapp.com/s.php |
|
| Details | Url | 2 | http://glib-warnings.000webhostapp.com/hta.php |
|
| Details | Url | 4 | http://0knw2300.mypressonline.com/d.php |
|
| Details | Url | 2 | http://21nari.getenjoyment.net/info.php?ki87ujhy= |
|
| Details | Url | 2 | http://21nari.mypressonline.com/s.php |
|
| Details | Url | 2 | http://21nari.scienceontheweb.net/r.php |
|
| Details | Url | 1 | http://chmguide.atwebpages.com/?key=cwflq2hcu3ztaunha3hvagdzsxryqt09 |
|
| Details | Url | 2 | http://chunyg21.sportsontheweb.net/info.php?ki87ujhy= |
|
| Details | Url | 2 | http://chunyg21.sportsontheweb.net/s.php |
|
| Details | Url | 2 | http://faust22.mypressonline.com/1.txt |
|
| Details | Url | 2 | http://faust22.mypressonline.com/info.php |
|
| Details | Url | 2 | http://hochdlincheon.mypressonline.com/f.txt |
|
| Details | Url | 1 | http://hochuliasdfasfdncheon.mypressonline.com/report.php?filename= |
|
| Details | Url | 2 | http://hochulidncheon.mypressonline.com/c.txt |
|
| Details | Url | 2 | http://hochulidncheon.mypressonline.com/k.txt |
|
| Details | Url | 2 | http://hochulincddheon.mypressonline.com/post.php |
|
| Details | Url | 2 | http://hochulincheon.mypressonline.com/c.txt |
|
| Details | Url | 2 | http://hochulincheon.mypressonline.com/down.php |
|
| Details | Url | 1 | http://hochulincheon.mypressonline.com/f.txt |
|
| Details | Url | 1 | http://hochulincheon.mypressonline.com/k.txt |
|
| Details | Url | 1 | http://hochulincheon.mypressonline.com/post.php |
|
| Details | Url | 1 | http://hochulincheon.mypressonline.com/report.php?filename= |
|
| Details | Url | 1 | http://hochulincheon.mypressonline.com/w.txt |
|
| Details | Url | 1 | http://hochulincheon.mypressonline.com/h.php |
|
| Details | Url | 1 | http://hochulindcheon.mypressonline.com/w.txt |
|
| Details | Url | 1 | http://hochulindddcheon.mypressonline.com/post.php |
|
| Details | Url | 1 | http://hochulinsfdgasdfcheon.mypressonline.com/post.php |
|
| Details | Url | 2 | http://koreajjjjj.atwebpages.com/1.hta |
|
| Details | Url | 2 | http://koreajjjjj.sportsontheweb.net/k.php |
|
| Details | Url | 2 | http://kpsa20201.getenjoyment.net/d.php |
|
| Details | Url | 3 | http://o61666ch.getenjoyment.net/post.php |
|
| Details | Url | 2 | http://o61666ch.getenjoyment.net/report.php?filename= |
|
| Details | Url | 4 | http://yulsohnyonsei.atwebpages.com/1.hwp |
|
| Details | Url | 4 | http://yulsohnyonsei.atwewbpages.com/d.php |
|
| Details | Url | 2 | http://yulsohnyonsei.medianewsonline.com/1.hwp |
|
| Details | Url | 2 | http://yulsohnyonsei.medianewsonline.com/1.txt |
|
| Details | Url | 2 | http://yulsohnyonsei.medianewsonline.com/info.php?ki87ujhy= |
|
| Details | Url | 2 | http://yulsohnyonsei.medianewsonline.com/ksskdh/d.php |
|
| Details | Url | 2 | http://yulsohnyonsei.medianewsonline.com/post.php |
|
| Details | Url | 1 | http://yulsohnyonsei.medianewsonline.com/report.php?filename= |
|
| Details | Url | 2 | http://dmengineer.co.kr/images/s_title16.gif |
|
| Details | Url | 2 | http://dmengineer.co.kr/images/s_title17.gif |
|
| Details | Url | 2 | http://dmengineer.co.kr/images/s_title18.gif |
|
| Details | Url | 2 | https://225b4d3c305f43e1a590.blogspot.com/2022/01/1.html |
|
| Details | Url | 2 | https://225b4d3c305f43e1a590.blogspot.com/2022/02/1.html |
|
| Details | Url | 2 | https://3a8f846675194d779198.blogspot.com/2021/10/1.html |
|
| Details | Url | 2 | https://c52ac2f8ac0693d8790c.blogspot.com/2021/10/1.html |
|
| Details | Url | 2 | https://leejong-sejong.blogspot.com/2022/01/blog-post.html |