lazarusholic

Everyday is lazarus.dayβ

Targeted Threats Research - South & North Korea (a breakdown of 3 years of threat research in Korea)

2025-02-10, 0x0v1
https://www.0x0v1.com/targeted-threats-research-south-north-korea/
#APT37 #CVE-2022-41128 #Kimsuky #RambleOn #RokRAT #UCID902

Contents

Sections:
- Executive Summary
- Introduction
- Methodology
- Sample submission
- Auditing
- Malware analysis
- Email Content analysis
- Passive DNS & open-source threat intelligence
- Data Overview
- Cluster analysis
- MITRE ATT&CK framework
- Analysis of pre & primary attack events
- Social Engineering
- Malware families
- Windows campaigns
- OS X campaigns
- Mobile malware campaigns
- CVEs
- AV detection effectiveness
- Content analysis
- Technical sophistication
- Cluster Analysis
- Threat Actor UCID902
- Learning from correlation analysis and application to civil society
- Conclusion
1: Executive Summary
This research highlights the critical role of civil society organizations (CSOs) in identifying and mitigating digital threats targeting activists, journalists, and human rights defenders in South Korea. Unlike private sector entities that rely on telemetry data, CSOs have direct access to victims' experiences, devices, and infrastructure. This unique vantage point allows for a deeper understanding of attack campaigns, their motivations, and their broader implications.
Key Findings:
- Enhanced Threat Visibility Through Direct Engagement – Working closely with victims provides unparalleled insight into adversary …

IoC
