#1259604: Operation Blue Sky - Amadey - Utilization of Russian botnet - Additional IOCs

Description: Spear-phishing attacks against an organization based in East Asia, linked to a potential North Korean adversary.

Reference:
https://blog.alyac.co.kr/2308
First Aid: IOCs:

More info: https://otx.alienvault.com/pulse/5cdc4df1cb5caaccf42c7e33?utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed

Date added May 16, 2019, 12:25 a.m.
Source AlienVault
Subjects
  • All New Malware Alerts - New Reports / IOCs in
  • APTs - Advanced Persistent Threats - New Reports in
  • FlawedGrace Ransomware / ServHelper (TA505)
  • TA505 Threat Actor / TRat