← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Credential Phishing Campaign targetting Governments
WHITE Kimsuky AlienVault 2019-09-02 Modified: 2019-09-03
1098
IOCs
HIGH VOLUME
During its investigations and with the cooperation of multiple partners, ANSSI has discovered several clusters of malicious activity, including domain names, subdomains and email addresses, used in a large attack campaign with traces going back to 2017. The threat actor registered multiple domain names, and created several subdomains with a naming pattern revealing its potential targets.
north koreakimsuky
Indicators of Compromise (3 / 1098 total)
All email domain FileHash-SHA256 hostname FileHash-MD5 FileHash-SHA1 URL IPv4
TYPEINDICATORDESCRIPTIONCREATED
URL https://login-main.bigwnet.com/attachment/view/cow.php?op=Normal.src 2019-09-03
URL https://login-main.bigwnet.com/attachment/view/cow.php?op=Normal.src&id=UwBVAFMAQQBOAC0AUABDAA== 2019-09-03
URL https://login-main.bigwnet.com/attachment/view1/Speaking_notes-ExMon_Deterrence_Summit-18Mar-rev19Mar19.doc 2019-09-03
References (1)
↗ https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-ACT-009.pdf