{
  "type": "Domain",
  "indicator": "hdrgdrfes.chickenkiller.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/hdrgdrfes.chickenkiller.com",
    "alexa": "http://www.alexa.com/siteinfo/hdrgdrfes.chickenkiller.com",
    "indicator": "hdrgdrfes.chickenkiller.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [
      {
        "source": "akamai",
        "message": "Akamai rank: #8784",
        "name": "Akamai Popular Domain"
      },
      {
        "source": "whitelist",
        "message": "Whitelisted domain chickenkiller.com",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {},
    "pulse_info": {
      "count": 0,
      "pulses": [],
      "references": [],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "6a19766cc7caf96e27eae35e",
      "name": "Kimsuky's Advanced Attack Techniques: JSONPing, Webex Spoofing, and a New HttpSpy Variant",
      "description": "Through April 2026, Kimsuky deployed sophisticated malicious campaigns against South Korean military and corporate entities using tailored social engineering tactics, including fake security software installation pages and spoofed Webex meeting pages that leveraged legitimate meeting schedules. The threat actor introduced a novel JSONPing technique that allows distribution pages to verify in real time, via JSONP queries to localhost servers, whether victims executed the payload. Analysis revealed a new HttpSpy variant with a three-stage execution chain replacing the previous single-binary architecture, utilizing RC4 encryption and shared infrastructure indicators. Attribution was confirmed through code pattern overlaps, reused encryption keys, XAMPP certificate fingerprints, and preferred ASN usage consistent with historical Kimsuky operations targeting South Korea.",
      "author_name": "AlienVault",
      "modified": "2026-05-29T12:34:19.341000",
      "created": "2026-05-29T11:20:12.463000",
      "revision": 2,
      "tlp": "white",
      "public": 1,
      "adversary": "Kimsuky",
      "indicators": [
        {
          "id": 4149513649,
          "indicator": "load.serverpit.com",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4226666987,
          "indicator": "c089457d5f4b22313b927bb36a320f8d7a1ddb6d5b82293dc2374dcfd4b1b8b2",
          "type": "FileHash-SHA256",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4245285670,
          "indicator": "load.erasecloud.n-e.kr",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4337137940,
          "indicator": "784d9273c75e983f2b4730d1f2198cc44e9599709f4a5519a2bd3049095dc9d5",
          "type": "FileHash-SHA256",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617969,
          "indicator": "a2547836564b0732c6d02a78702da7e6",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617970,
          "indicator": "a581fdea0970f8a5b6cfec4853c802d7",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617971,
          "indicator": "a87cd5fd8fe223816005e81e0da70b21",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617972,
          "indicator": "b4dd4c76d7deef4cf532e240b7f84c9d",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617973,
          "indicator": "bd8e948a6e61436532cd2ed2b62db3f3",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617974,
          "indicator": "be31a38bab026f229afd5e3174c363f7",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617975,
          "indicator": "be978477fe7c179cb9607a6e08a05dff",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617976,
          "indicator": "bea602695d58cbf25fff058834e36c1d",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617977,
          "indicator": "c05f074c70a6cacb0e6f05578aab3c9d",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617978,
          "indicator": "c61a6efe1a169c6c1d8595af3ff0dd74",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617979,
          "indicator": "c6de1be41dcfbad9cae76c58eae7f5a3",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617980,
          "indicator": "cc837d2b2af4bd9c1c3faf61cefeb848",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617981,
          "indicator": "d09c0744273355b6da719fdb62923bed",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617982,
          "indicator": "dd47c97b44408e0a5ecd8f482fcd0dbc",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617983,
          "indicator": "ea5f32e1273ec93d43ee09a337fb60e1",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617984,
          "indicator": "f57a9e973e1cecd6b361467041e464f4",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617985,
          "indicator": "fcaf03060e34a73fe499b906492d9f13",
          "type": "FileHash-MD5",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617986,
          "indicator": "364cc871e66afe65e1845205105c3f53f34afc01",
          "type": "FileHash-SHA1",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617987,
          "indicator": "b44e800436b2892f7c8f9fbd93e5e17a2e1fde04",
          "type": "FileHash-SHA1",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617988,
          "indicator": "c124f019ddaef2606a7394b0b9bf7ae1a05ecda4",
          "type": "FileHash-SHA1",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617989,
          "indicator": "ca42cba2782a0b6952dd0425fa08cbd4de65f77fcc00e965ee97c39bea42eb18",
          "type": "FileHash-SHA256",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617990,
          "indicator": "157.250.202.123",
          "type": "IPv4",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": "2026-06-28T11:00:00",
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617991,
          "indicator": "27.102.113.106",
          "type": "IPv4",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": "2026-06-28T11:00:00",
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617992,
          "indicator": "http://appview.imagetemplate.com/gateless_icon",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617993,
          "indicator": "http://bigfile.jaycloudlab.com/download.php?id=745896",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617994,
          "indicator": "http://download.birdriver.org/download.php?id=393156",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617995,
          "indicator": "http://hdrgdrfes.chickenkiller.com/index.php",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617996,
          "indicator": "http://load.erasecloud.n-e.kr/login.php",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617997,
          "indicator": "http://load.serverpit.com/fwrite.php",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617998,
          "indicator": "http://pipeline.embeddedonline.org/check.php?x-csrf-token=gateless",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383617999,
          "indicator": "http://pipeline.embeddedonline.org/download3.php?sessid=54126&user-token=gateless",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618000,
          "indicator": "http://www.ibizplus.n-e.kr/download.php?id=30382119",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618001,
          "indicator": "http://www.ibizplus.n-e.kr/download.php?id=30382120",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618002,
          "indicator": "http://www.ibizplus.n-e.kr/download.php?id=30382121",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618003,
          "indicator": "https://appview.imagetemplate.com/babymetalsave_icon",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618004,
          "indicator": "https://appview.imagetemplate.com/gateless_icon",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618005,
          "indicator": "https://bigfile.crabdance.com/recaptcha.html",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618006,
          "indicator": "https://conference.birdriver.org/",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618007,
          "indicator": "https://download.birdriver.org/download.php?id=393156",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618008,
          "indicator": "https://download.birdriver.org/download.php?id=425623",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618009,
          "indicator": "https://load.erasecloud.n-e.kr/login.php",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618010,
          "indicator": "https://load.serverpit.com/fwrite.php",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618011,
          "indicator": "https://pipeline.embeddedonline.org/check.php?x-csrf-token=babymetalsave",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618012,
          "indicator": "https://pipeline.embeddedonline.org/check.php?x-csrf-token=gateless",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618013,
          "indicator": "https://pipeline.embeddedonline.org/download3.php?sessid=54126&user-token=babymetalsave",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618014,
          "indicator": "https://www.ibizplus.n-e.kr/install.html",
          "type": "URL",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618015,
          "indicator": "appview.imagetemplate.com",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618016,
          "indicator": "bigfile.crabdance.com",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618017,
          "indicator": "bigfile.jaycloudlab.com",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618018,
          "indicator": "conference.birdriver.org",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618019,
          "indicator": "download.birdriver.org",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618020,
          "indicator": "hdrgdrfes.chickenkiller.com",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618021,
          "indicator": "pipeline.embeddedonline.org",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        },
        {
          "id": 4383618022,
          "indicator": "www.ibizplus.n-e.kr",
          "type": "hostname",
          "created": "2026-05-29T11:20:13",
          "content": "",
          "title": "",
          "description": "",
          "expiration": null,
          "is_active": 1,
          "role": null
        }
      ],
      "tags": [
        "spear phishing",
        "httpspy",
        "webex spoofing",
        "loaddll.dll",
        "south korea targeting",
        "memloader",
        "jsonping",
        "calc.exe",
        "social engineering",
        "kimsuky",
        "spyloader.dll",
        "rat",
        "spyinster.dll"
      ],
      "targeted_countries": [],
      "malware_families": [
        "HttpSpy",
        "MemLoader",
        "calc.exe",
        "spyInster.dll",
        "spyLoader.dll",
        "loadDll.dll"
      ],
      "attack_ids": [],
      "references": [
        "https://www.enki.co.kr/en/media-center/blog/kimsuky-s-advanced-attack-techniques-jsonping-webex-spoofing-and-a-new-httpspy-variant"
      ],
      "industries": [
        "Defense",
        "Finance"
      ],
      "extract_source": [],
      "more_indicators": false,
      "indicator_count": 58
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "hdrgdrfes.chickenkiller.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "hdrgdrfes.chickenkiller.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780169887.2711651
}