Kimsuky Group: Track the King of the Spear-Phishing
Contents
Kimsuky Group :
Track the King of the Spear-Phishing
2019.10.04
Jaeki Kim,
Kyoung-Ju Kwak,
Min-Chang Jang
@Financial Security Institute
About Me
§ JAEKI KIM (a.k.a JACK2)
§ Malware & Threat Analysis
§ Computer Emergency Analysis Team @FSI (2016~ )
§ Main Author of Threat Intelligence Report ‘Campaign DOKKAEBI’
§ Speaker of DOKKAEBI: Documents of Korean and Evil Binary @VB2018
§ Digital Forensic
§ CECRC @NEC(National Election Commission) (2016)
§ M.S. degree - Information Security
§ SANE Lab, Korea University (2014 ~ 2016)
§ Interest in Analysis
§ Mentor of Best of the Best(B.O.B) Program (Vulnerability Analysis Track) @KITRI
§ Member of “KOREANBADASS”, “SeoulPlusBadass” Team @DEFCON CTF Finalist (2017, 2018, 2019)
§ SNS(facebook,twitter) @2runjack2
About Me
§ Kyoung-ju KWAK
§ Manager of FSI Threat Analysis Team (~Jan.2019)
§ Manager of FSI Security Operations Center (Current)
§ Adjunct Professor, Department of Forensics, @SungKyunKwan University
§ Main Author of Threat Intelligence Report “Campaign Rifle : Andariel, The Maiden of Anguish”
§ Member of National Police Agency Cybercrime Advisory Committee
§ Speaker of {Blackhat, Kaspersky SAS, Kaspersky CSW, PACSEC, HITCON, HACKCON, ISCR, etc}
§ SNS(facebook,twitter) …
IoC