#1263178: Overlaps between Konni and Kimsuky Attackers - Additional IOCS

Description: Links between two North Korean groups of attackers.
Reference:
https://blog.alyac.co.kr/2347
First Aid: IOCs:

More info: https://otx.alienvault.com/pulse/5cffce34469a83ecb23c93db?utm_medium=InProduct&utm_source=OTX&utm_content=Email&utm_campaign=new_pulse_from_subscribed

Date added June 11, 2019, 10:46 p.m.
Source AlienVault
Subjects
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • APTs - Advanced Persistent Threats - New Reports in
  • APTs - North Korea - New Reports in
  • Nokki / Konni Malware (possibly North Korean, tied to REAPER APT Group)
  • North Korea - Kimsuky
Country North Korea