Pulse name: Threat Assessment: North Korean Threat Groups
TLP: WHITE
Adversary: Various North Korean groups under the Reconnaissance General Bureau
Author: AlienVault
Created: 2024-09-10
Modified: 2024-10-10
This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10 malware samples across Windows, macOS, and Linux systems, providing technical insights into their functionality and Palo Alto Networks Cortex XDR's capability to detect and mitigate these threats.
Malware Families
RustBucket, KANDYKORN, SmoothOperator, ObjCShellz, Fullhouse, POOLRAT, PondRAT, OdicLoader, Comebacker, CollectionRAT
Indicators of Compromise (98)
Indicator types: FileHash-MD5, FileHash-SHA1, FileHash-SHA256, URL, domain, hostname