North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
- Cisco Talos has observed a new malware campaign operated by the Kimsuky APT group since June 2021.
- Kimsuky, also known as Thallium and Black Banshee, is a North Korean state-sponsored advanced persistent threat (APT) group active since 2012.
- This campaign utilizes malicious blogs hosted on Blogspot to deliver three types of preliminary malicious content: beacons, file exfiltrators and implant deployment scripts.
- The implant deployment scripts, in turn, can infect the endpoint with additional implants such as system information-stealers, keyloggers and credential stealers.
- These implants are derivatives of the Gold Dragon/Brave Prince family of malware operated by Kimsuky since at least 2017 — now forked into three separate modules.
- This campaign targets South Korea-based think tanks whose research focuses on political, diplomatic and military topics pertaining to North Korea, China, Russia and the U.S.
What’s new?
Cisco Talos recently discovered a campaign operated by the North Korean Kimsuky APT group delivering malware …
IoC
http://eucie09111.myartsonline.com/0502/v.php
http://o61666ch.getenjoyment.net/post.php
http://44179d6df22c56f339bf.blogspot.com/2021/10/1.html
http://4b758c2e938d65bee050.blogspot.com/2021/10/1.html
http://akf4tvrbmg.blogspot.com/2021/08/1.html
http://amfuz2h5b2s.blogspot.com/2021/07/1.html
http://gyzang0826.blogspot.com/2021/08/1.html
http://gyzang1.blogspot.com/2021/08/1.html
http://gyzang58.blogspot.com/2021/08/1.html
http://gyzang58.blogspot.com/2021/08/2.html
http://gyzang681.blogspot.com/2021/08/1.html
http://gyzang681.blogspot.com/2021/08/2.html
http://gyzang682.blogspot.com/2021/08/1.html
http://kimshan600000.blogspot.com/2021/07/1.html
http://pjeu1urxdnvef6twpveg.blogspot.com/2021/09/1.html
http://rrmu1qrxdoekv6twc9pq.blogspot.com/2021/09/1.html
http://smyun0272.blogspot.com/2021/06/blog-post.html
http://smyun0272.blogspot.com/2021/06/donavyk.html
http://smyun0272.blogspot.com/2021/06/dootakim.html
http://tvrbmkxqstbouzq0twk0ee9uaz0.blogspot.com/2021/07/1_22.html
http://tvrfekxqrtvpqzr5tvrfdu5evt0.blogspot.com/2021/08/1.html
http://tvrfeuxqrtfnqzr4t0m0ee5utt0.blogspot.com/2021/08/1.html
http://twpbekxqsxpoqzr4txpvdu1uyzu.blogspot.com/2021/07/1.html
http://vev4tkrrpq.blogspot.com/2021/08/1.html
http://vgn5tvrrpq.blogspot.com/2021/08/1.html
http://vgt5tvrnpq.blogspot.com/2021/08/1.html
http://www.blogger.com/profile/00979528293184121513
http://www.blogger.com/profile/06488825595966996362
http://www.blogger.com/profile/08543251662563600075
http://www.blogger.com/profile/09461495260479357479
http://www.blogger.com/profile/11323350955991033715
http://www.blogger.com/profile/17163478108036561703
http://pcsecucheck.scienceontheweb.net
https://bigfile.mail.naver.com/bigfileupload/download?fid=Q9eCpzlTWrd9HqujK6wnFxEXKxKdHqUmKoumaxUdKxumaxgdHqurKqEmaAb9axvjMrMqMoErpo2wFx3SFquXa6MXKqICM6M/FxU/pAtrFoK=
https://bigfile.mail.naver.com/bigfileupload/download?fid=Qr+CpzlTWrd9HqKjK6wnFxEXKxKdHqUmKoumaxUdKxumaxgdHqurKqEmaAb9axvjFoFCFzUqKopCKxEXMoElMrpoF6J4KoCoFqEwFxvdF4t=
https://bigfile.mail.naver.com/bigfileupload/download?fid=QrFCpzlTWrd9HqUjK6wnFxEXKxKdHqUmKoumaxUdKxumaxgdHqurKqEmaAb9axvjpx3CKxi4K4tdMrp4axioFzpSFzUrFovqpotlpx+SpAv=
https://bigfile.mail.naver.com/bigfileupload/download?fid=QrRCpzlTWrd9HqtjK6wnFxEXKxKdHqUmKoumaxUdKxumaxgdHqurKqEmaAb9axvjFxbwFqiSpztXF630pxFCFqM9F6UZaAi4MrFCK4UrKqg=
36187cd4bc18e4d6ddc5c96dc0ed038bfec751dac4f5354398fdaa89d9fcacd1
395eebf586d5fc033e22235f7a4224e91ad5dce8570023669c6dee97d04aa21d
4b0e2244f82170f4e569bb6b100890ec117458bf5cc835fd7bd991f0d334318b
4b244ac09e4b46792661754bd5d386e8b1a168cb1d5ed440df04c1c2928cb84d
5498c3eb2fb335aadcaf6c5d60560c5d2525997ba6af39b191f6092cb70a3aa6
5563599441935e3c0c8bdd42ec2c35b78f8376b6c9560898ef6401531058eb87
595be57cb6f025ec5753fbe72222e3f7c02b8cb27b438d48286375adbcf427c6
5e3907e9e2ed8ff12bb4e96b52401d871526c5ed502d2149dd4f680da4925590
811b42bb169f02d1b0b3527e2ca6c00630bebd676b235cd4e391e9e595f9dfa8
85f6db3a74a4f1a367cc0b60b190c5da56cd0116c1d6a20fd7b51cda8f8948d8
873b8fb97b4b0c6d7992f6af15653295788526def41f337c651dc64e8e4aeebd
99b516acd059a4b88f281214d849c5134aa1cea936d69e8eb7393b22be0508a0
bb0a3c784e55bd25f845644b69c57e3e470af51983617fdfe7ba5d253019ed24
c43475601f330a5a17a50f075696e058429656db54cdfcbdccb0fb93446f6ac9
dddc57299857e6ecb2b80cbab2ae6f1978e89c4bfe664c7607129b0fc8db8b1f
de0932206c4d531ab4325c0ec8f025108a6807478eb5d744905560ae119fc6fa
e929f23c242cc102a16f5466163622585455aee7b6ed3f98d12787086b14e721
f4d06956085d2305c19dd78c6d01b06f17ab43e9dd4808885fd08d5da08dd9d2