← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
WHITE celestre 2026-05-07 Modified: 2026-05-07
56
IOCs
HIGH VOLUME
ESET researchers uncovered a multiplatform supply-chain attack by North Korea-aligned APT group ScarCruft, targeting the Yanbian region in China – home to ethnic Koreans and a crossing point for North Korean refugees and defectors. In the attack, probably ongoing since late 2024, ScarCruft compromised Windows and Android components of a video game platform dedicated to Yanbian-themed games, trojanizing them with a backdoor.
lg dacomcorporationip managerhostway idcsk broadbandco ltd
Indicators of Compromise (56)
All IPv4 domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
IPv4 114.108.128.157 CC=KR ASN=AS3786 lg dacom corporation 2026-05-07
IPv4 211.239.117.117 CC=KR ASN=AS9952 hostway idc 2026-05-07
IPv4 221.143.43.214 CC=KR ASN=AS9318 sk broadband co ltd 2026-05-07
IPv4 222.231.2.20 CC=KR ASN=AS3786 lg dacom corporation 2026-05-07
IPv4 222.231.2.23 CC=KR ASN=AS3786 lg dacom corporation 2026-05-07
IPv4 222.231.2.41 CC=KR ASN=AS3786 lg dacom corporation 2026-05-07
IPv4 39.106.249.68 CC=CN ASN=AS37963 hangzhou alibaba advertising co. ltd. 2026-05-07
domain 1980food.co.kr 2026-05-07
domain cndsoft.co.kr 2026-05-07
domain colorncopy.co.kr 2026-05-07
domain inodea.com 2026-05-07
domain sejonghaeun.com 2026-05-07
domain sqgame.com.cn 2026-05-07
hostname www.lawwell.co.kr 2026-05-07
FileHash-MD5 0bd494830049d72f015da64a407e9813 2026-05-07
FileHash-MD5 1f3c8879349d5fcf973abbcee82fd069 MD5 of 2c6cc71b7e7e4b28c2c176b504bc5bdb687c4d41 2026-05-07
FileHash-MD5 23a1eacad84be4f2c5830755b1948582 MD5 of 01a33066fbc6253304c92760916329abd50c3191 2026-05-07
FileHash-MD5 2d397a2ca2d3bfc9c7a509d04376547b MD5 of b06110e0feb7592872e380b7e3b8f77d80dd1108 2026-05-07
FileHash-MD5 3d3d2dc34f01bcf890f185a5421836c7 MD5 of fc0c691db7e2d2bd3b0b4c1e24d18df72168b7d9 2026-05-07
FileHash-MD5 4b1cdff75d17f3f220153e8f42ab58c0 2026-05-07
FileHash-MD5 72ac1287a8d71b27c437ec1f379ab506 MD5 of 7356d7868c81499fb4e720f7c9530e5763b4c1d0 2026-05-07
FileHash-MD5 7331602726f61959d8f0e7820d457370 MD5 of 03e3ece9f48cf4104aafc535790ca2fb3c6b26cf 2026-05-07
FileHash-MD5 83d0381907cbb1e2ed5973ec76452695 2026-05-07
FileHash-MD5 8602aaca3ea117d7c948e4bee0aac2c8 2026-05-07
FileHash-MD5 a0830ce48537ba052f1d3b905d11a5bf MD5 of 2b81f78ec4c3f8d6cf8f677d141c5d13c35333af 2026-05-07
FileHash-MD5 a48b62e55a692bf6d1046d2be64d7150 MD5 of 59a9b9d47ae36411b277544f25ad2cc955d8dd2c 2026-05-07
FileHash-MD5 af767a0f2454a60b45f7adf79a4279b0 2026-05-07
FileHash-MD5 e862d56da1077be740ffaa7b5b699675 MD5 of 95bdb94f6767a3cce6d92363bbf5bc84b786bdb0 2026-05-07
FileHash-SHA1 01a33066fbc6253304c92760916329abd50c3191 SHA1 of 23a1eacad84be4f2c5830755b1948582 2026-05-07
FileHash-SHA1 03e3ece9f48cf4104aafc535790ca2fb3c6b26cf SHA1 of 7331602726f61959d8f0e7820d457370 2026-05-07
FileHash-SHA1 2b81f78ec4c3f8d6cf8f677d141c5d13c35333af SHA1 of a0830ce48537ba052f1d3b905d11a5bf 2026-05-07
FileHash-SHA1 2c6cc71b7e7e4b28c2c176b504bc5bdb687c4d41 SHA1 of 1f3c8879349d5fcf973abbcee82fd069 2026-05-07
FileHash-SHA1 59a9b9d47ae36411b277544f25ad2cc955d8dd2c SHA1 of a48b62e55a692bf6d1046d2be64d7150 2026-05-07
FileHash-SHA1 7356d7868c81499fb4e720f7c9530e5763b4c1d0 SHA1 of 72ac1287a8d71b27c437ec1f379ab506 2026-05-07
FileHash-SHA1 95bdb94f6767a3cce6d92363bbf5bc84b786bdb0 SHA1 of e862d56da1077be740ffaa7b5b699675 2026-05-07
FileHash-SHA1 b06110e0feb7592872e380b7e3b8f77d80dd1108 SHA1 of 2d397a2ca2d3bfc9c7a509d04376547b 2026-05-07
FileHash-SHA1 fc0c691db7e2d2bd3b0b4c1e24d18df72168b7d9 SHA1 of 3d3d2dc34f01bcf890f185a5421836c7 2026-05-07
FileHash-SHA256 185633e5dbe9235fc7e6a1ccb8631650afefd8f7da88c5c07d9b99ea38159822 SHA256 of 3d3d2dc34f01bcf890f185a5421836c7 2026-05-07
FileHash-SHA256 1b357efafbcf7d0fc7a94b81654982024255a38d9922a0ce2434b7e0e6287796 SHA256 of 2d397a2ca2d3bfc9c7a509d04376547b 2026-05-07
FileHash-SHA256 33d887ca2e57fa03fc807dfba5376bf96718ee88f56e90d95ee4896a2c019bd0 SHA256 of 7331602726f61959d8f0e7820d457370 2026-05-07
FileHash-SHA256 415b253a81e67c8c860a97c73edc9017ce732b3c025d943d3b1a445b4ac82822 SHA256 of 23a1eacad84be4f2c5830755b1948582 2026-05-07
FileHash-SHA256 5aa7afd790481ad98357636fa4d9927ae01111409c8d7ce69998d2485c1d5e6f SHA256 of a48b62e55a692bf6d1046d2be64d7150 2026-05-07
FileHash-SHA256 751c8bda62110a0de6eb097f5c7955b1308f2d4acc2fc002a62cd9a59d59d912 SHA256 of e862d56da1077be740ffaa7b5b699675 2026-05-07
FileHash-SHA256 88d7aa96f00bcec816130950f4b851dddb17dcac82a05485f024266dc98713b8 SHA256 of 1f3c8879349d5fcf973abbcee82fd069 2026-05-07
FileHash-SHA256 95cda8431419f77407484ab72dc1e356421dcd801eccabe8869f77ee0eb58eb2 SHA256 of 72ac1287a8d71b27c437ec1f379ab506 2026-05-07
FileHash-SHA256 dfa9c6adac98311d0f62e0eeecb947d92f7bda41ddf4ce9a6f9e20af7990422d SHA256 of a0830ce48537ba052f1d3b905d11a5bf 2026-05-07
FileHash-SHA1 21ca0287ec5eaee8fb2f5d0542e378267d6ca0a6 2026-05-07
FileHash-SHA1 409c5acaed587f62f7e23da47f72c4d9ec3144d9 2026-05-07
FileHash-SHA1 5b70453ab58824a65ed0b6175c903aa022a87d6a 2026-05-07
FileHash-SHA1 d9a369e328ea4f1b8304b6e11b50275f798e9d6b 2026-05-07
FileHash-SHA1 f9f6c0184cee9c1e4e15c2a73e56d7b927ea685b 2026-05-07
FileHash-SHA256 486bd76669fc2c0adc25a5498b42c1df5fc90514866d78318f8954aa0c67eacc 2026-05-07
FileHash-SHA256 7e3027ea9b87d7e9df5e23b54076855a296e53f718b08e9dc0b08135e0415f29 2026-05-07
FileHash-SHA256 8282de02dd899f11011720db7e69826cac1f34f4a90c59f6405614bb991d3015 2026-05-07
FileHash-SHA256 abfa1524bf5ea0fa2f5903068b5def272cbb73073a295c58a9e30a65d35ff2ae 2026-05-07
FileHash-SHA256 bd620fbc225207d0abf8261847d0d942a75c939ccd3983293f4a096f547addb4 2026-05-07
References (1)
↗ https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/#iocs