Pulse Detail — Threat Intelligence

PULSE NAME

Threat Trend Report on Kimsuky

WHITE CyberHunter_NL 2023-06-09 Modified: 2023-06-09

IOCs

MEDIUM VOLUME

The full text of the AhnLab Cyber Threat Intelligence Report on Kimsuky Group, which was published on 1 May 2023, is subject to copyright protection and may not be published elsewhere.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1547 T1027

MALWARE FAMILIES

BravePrince FlowerPower AppleSeed Kimsuky

Indicators of Compromise (47)

All domain FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	r-e.kr	—	2023-06-09
domain	p-e.kr	—	2023-06-09
domain	o-r.kr	—	2023-06-09
domain	n-e.kr	—	2023-06-09
domain	kro.kr	—	2023-06-09
FileHash-MD5	00dbf10c3103ed95f6abe0f98b2384f7	—	2023-06-09
FileHash-MD5	1a7098ee5571a5fa928eb517a56740eb	—	2023-06-09
FileHash-MD5	1ff29b06dc80eae0f3583c965bbdfe92	—	2023-06-09
FileHash-MD5	34c58ac8f0f780512b7165697fc693fa	—	2023-06-09
FileHash-MD5	433a2a49a84545f23a038f3584f28b4a	—	2023-06-09
FileHash-MD5	5f88da72abdbd23da4df12385f26eb99	—	2023-06-09
FileHash-MD5	6158c202a1005f0ef64b3a9ac85c4950	—	2023-06-09
FileHash-MD5	6b017dcaaba40712b74fadaa5cbc94c9	—	2023-06-09
FileHash-MD5	6d788bc0be3f8f271de503cfc8bf5928	—	2023-06-09
FileHash-MD5	7bfba6a51c9193ac142eab8c2c180470	—	2023-06-09
FileHash-MD5	7fced6cd5c31375fdf4bf3ad9a24e5a8	—	2023-06-09
FileHash-MD5	84b18f77cf556c31582c96fde60cad34	—	2023-06-09
FileHash-MD5	8867e234ed6e619c38198f1576ea9438	—	2023-06-09
FileHash-MD5	955170427d0c4f9c23f7b8507a6003aa	—	2023-06-09
FileHash-MD5	b29de686362ea0d2d1b768e2e4438a91	—	2023-06-09
FileHash-MD5	b5fa9fc4ce170ae200c6ff9b568cf967	—	2023-06-09
FileHash-MD5	bc1c1013568bf6deed4aa4af00536b47	—	2023-06-09
FileHash-MD5	c3026118c6ec57ef62b627b4a3ce0c31	—	2023-06-09
FileHash-MD5	e3fe5030ffa123fe6bebe6cb73e3949e	—	2023-06-09
FileHash-SHA1	822146fc3f0a6ae80159d9e5fd61c6d6fbe71da0	SHA1 of 5f88da72abdbd23da4df12385f26eb99	2023-06-09
FileHash-SHA1	d986f0ad63eeadbaeb94e5be67dbf008ab34a834	SHA1 of 433a2a49a84545f23a038f3584f28b4a	2023-06-09
FileHash-SHA1	e6eab62d4ad37a1de01a9deddfab9dbb588223ca	SHA1 of 955170427d0c4f9c23f7b8507a6003aa	2023-06-09
FileHash-SHA256	1ec4d60738a671f00089a86eeba6cb13750bce589e84fd177707718a4cc7d8f1	SHA256 of 955170427d0c4f9c23f7b8507a6003aa	2023-06-09
FileHash-SHA256	6bab11d9561482777757f16c069ebef3f1cd6885dbef55306ffde30037a41d48	SHA256 of 433a2a49a84545f23a038f3584f28b4a	2023-06-09
FileHash-SHA256	b92cb632535fd8b5c3863635b980611deae61420d76158fc6e7b307518302490	SHA256 of 5f88da72abdbd23da4df12385f26eb99	2023-06-09
URL	http://greenspace1.com/gnuboard4/bbs/png/main.php?query=[RandomNumber]	—	2023-06-09
URL	http://greenspace1.com/gnuboard4/bbs/png/stdio.php?idx=[RandomNumber]	—	2023-06-09
URL	http://ibsq.co.kr/m.layouts/demo.txt	—	2023-06-09
URL	http://usn.drctech.kr/motel2/plugin/new/test/main.php?query=[RandomNumber]	—	2023-06-09
URL	http://usn.drctech.kr/motel2/plugin/new/test/stdio.php?idx=[RandomNumber]	—	2023-06-09
URL	http://www.mowu119.com/skin/shop/basic/jhstyle/lib.php?idx=[RandomNumber]	—	2023-06-09
URL	http://www.mowu119.com/skin/shop/basic/jhstyle/list.php?query=[RandomNumber]	—	2023-06-09
domain	greenspace1.com	—	2023-06-09
domain	ibsq.co.kr	—	2023-06-09
hostname	clear.worksheet.n-e.kr	—	2023-06-09
hostname	coef.getenjoyment.net	—	2023-06-09
hostname	funny.storie2.r-e.kr	—	2023-06-09
hostname	grghergoij.getenjoyment.net	—	2023-06-09
hostname	metasa2.getenjoyment.net	—	2023-06-09
hostname	qwsx.xn--2i0b10rqve.xn--3e0b707e	—	2023-06-09
hostname	usn.drctech.kr	—	2023-06-09
hostname	www.mowu119.com	—	2023-06-09

References (1)

↗ https://asec.ahnlab.com/wp-content/uploads/2023/06/ATIP_2023_Apr_Threat-Trend-Report-on-Kimsuky-Group.pdf