lazarusholic

Everyday is lazarus.dayβ

It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp

2022-09-14, Mandiant
https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing
#UNC4034 #PuTTY

Contents

It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
In July 2022, during proactive threat hunting activities at a company in the media industry, Mandiant Managed Defense identified a novel spear phish methodology employed by the threat cluster tracked as UNC4034. Mandiant has identified several overlaps between this group and those we suspect have a North Korea nexus.
UNC4034 established communication with the victim over WhatsApp and lured them to download a malicious ISO package regarding a fake job offering that led to the deployment of the AIRDRY.V2 backdoor through a trojanized instance of the PuTTY utility.
The Managed Defense Threat Hunting Mindset
One of the cornerstones of the Mandiant Managed Defense service offering is its proactive threat hunting program, which protects our customers from advanced threat actors' tools, tactics and techniques that bypass traditional detection mechanisms. Managed Defense threat hunters leverage Mandiant's deep adversary research and exposure to threat actor behaviors to …

IoC
