DPRK UNC3782
Executive summary
UNC3782 has targeted Naver Corp through hundreds of Naver typosquat phishing domains throughout 2021 and up until the end of 2022. In late 2022, UNC3782 briefly created some cryptocurrency domains, the first time the cluster had registered domains that differed from its previous TTPs. The cryptocurrency-themed domains are live as of today and are believed to target NFT and cryptocurrency holders. We have discovered 19 unique email addresses that we believe are part of UNC3782 campaigns, and we found 1983 unique hostnames. The extensive targeting of Naver Corp and cryptocurrency websites, together with the overlap that Mandiant has seen with the DPRK APT43 (Kimsuky), makes UNC3782 a very interesting cluster. It remains unclear whether UNC3782 is APT43.
Background
A Mandiant blog post from April 2023, titled “3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible”, shares some interesting indicators which are …
IoC
https://github.com/Meesvanwickeren/Threat_Intel/blob/main/DPRK_UNC3782_Indicators