Kimsuky group appears to be exploiting OneNote like the cybercrime group
Tags
| country: | North Korea South Korea |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | e6eacf26-4bfd-4892-94b7-5f6f85ee4045 |
| Fingerprint | 9c481bf11df3cf08 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 20, 2023, 4:34 a.m. |
| Added to db | Aug. 13, 2023, 2:42 a.m. |
| Last updated | Nov. 17, 2024, 6:45 p.m. |
| Headline | Kimsuky group appears to be exploiting OneNote like the cybercrime group |
| Title | Kimsuky group appears to be exploiting OneNote like the cybercrime group |
| Detected Hints/Tags/Attributes | 39/3/22 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 220 | ✔ | Stories by S2W on Medium | https://s2w.medium.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | delps.scienceontheweb.net |
|
| Details | Domain | 37 | blog.alyac.co.kr |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | Domain | 4 | kcm.trellix.com |
|
| Details | Domain | 30 | s2w.inc |
|
| Details | Domain | 335 | www.facebook.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | File | 64 | list.php |
|
| Details | File | 28 | s2w.inc |
|
| Details | md5 | 3 | aa756b20170aa0869d6f5d5b5f1b7c37 |
|
| Details | md5 | 3 | f2a0e92b80928830704a00c91df87644 |
|
| Details | IPv4 | 3 | 185.176.43.98 |
|
| Details | Url | 2 | http://delps.scienceontheweb.net/ital/info/sample.hwp |
|
| Details | Url | 2 | http://delps.scienceontheweb.net/ital/info/list.php?query=1 |
|
| Details | Url | 1 | https://blog.alyac.co.kr/3799 |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/31481 |
|
| Details | Url | 1 | https://kcm.trellix.com/corporate/index?page=content&id=kb96072&locale=en_us |
|
| Details | Url | 27 | https://s2w.inc |
|
| Details | Url | 32 | https://www.facebook.com/s2wlab |
|
| Details | Url | 27 | https://twitter.com/s2w_official |
|
| Details | Windows Registry Key | 22 | HKCU\Software\Microsoft\Internet |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Microsoft\Edge\IEToEdge |