PULSE NAME
Domain Hunting and Pivoting Leading to Possible Kimsuky Activity
WHITE JoeSlowik 2022-11-23 Modified: 2022-12-23
50 IOCs, MEDIUM VOLUME
While providing an overview of network-based threat hunting and pivoting, researchers discovered a likely credential harvesting campaign with possible connections to Kimsuky.
Indicators of Compromise (50)