Threat Assessment: North Korean Threat Groups

    Date: 09/11/2024

    Severity: Medium

    Summary

    "Threat Assessment: North Korean Threat Groups" typically refers to an analysis of various North Korean entities that pose potential security risks. These groups may include government-sponsored organizations, military units, and cybercriminal factions. The assessment usually evaluates their capabilities, intentions, and activities, focusing on threats such as cyberattacks, espionage, and conventional military aggression. It aims to provide insights into North Korea’s strategic objectives and how these groups might impact global security and regional stability.

    Indicators of Compromise (IOC) List

    URL/Domain


    IP Address


    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    URL/Domain

    userdomainname like "msedgepackageinfo.com" or url like "msedgepackageinfo.com" or userdomainname like "swissborg.blog" or url like "swissborg.blog" or userdomainname like "contortonset.com" or url like "contortonset.com" or userdomainname like "msstorageboxes.com" or url like "msstorageboxes.com" or userdomainname like "officeaddons.com" or url like "officeaddons.com" or userdomainname like "officestoragebox.com" or url like "officestoragebox.com" or userdomainname like "akamaitechcloudservices.com" or url like "akamaitechcloudservices.com" or userdomainname like "msstorageazure.com" or url like "msstorageazure.com" or userdomainname like "basketsalute.com" or url like "basketsalute.com" or userdomainname like "sourceslabs.com" or url like "sourceslabs.com" or userdomainname like "primerosauxiliosperu.com" or url like "primerosauxiliosperu.com" or userdomainname like "jdkgradle.com" or url like "jdkgradle.com" or userdomainname like "relysudden.com" or url like "relysudden.com" or userdomainname like "azureonlinestorage.com" or url like "azureonlinestorage.com" or userdomainname like "rebelthumb.net" or url like "rebelthumb.net" or userdomainname like "zacharryblogs.com" or url like "zacharryblogs.com" or userdomainname like "globalkeystroke.com" or url like "globalkeystroke.com" or userdomainname like "glcloudservice.com" or url like "glcloudservice.com" or userdomainname like "prontoposer.com" or url like "prontoposer.com" or userdomainname like "visualstudiofactory.com" or url like "visualstudiofactory.com" or userdomainname like "azuredeploystore.com" or url like "azuredeploystore.com" or userdomainname like "pbxcloudeservices.com" or url like "pbxcloudeservices.com" or userdomainname like "pbxphonenetwork.com" or url like "pbxphonenetwork.com" or userdomainname like "pbxsources.com" or url like "pbxsources.com" or userdomainname like "sbmsa.wiki" or url like "sbmsa.wiki" or userdomainname like "rentedpushy.com" or url like "rentedpushy.com" or userdomainname like "airbseeker.com" or url like "airbseeker.com" or userdomainname like "levelframeblog.com" or url like "levelframeblog.com"

    IP Address

    dstipaddress IN ("23.227.202.54","23.254.226.90","88.119.174.148","38.132.124.88","146.19.173.125","198.244.135.250") or ipaddress IN ("23.227.202.54","23.254.226.90","88.119.174.148","38.132.124.88","146.19.173.125","198.244.135.250") or publicipaddress IN ("23.227.202.54","23.254.226.90","88.119.174.148","38.132.124.88","146.19.173.125","198.244.135.250") or srcipaddress IN ("23.227.202.54","23.254.226.90","88.119.174.148","38.132.124.88","146.19.173.125","198.244.135.250")

    Hash

    sha256hash IN ("c6a48365c3db9761bd60981bdcdd87aced23d8e60067caa30fee501bf4b47b84","c9a7b42c7b29ca948160f95f017e9e9ae781f3b981ecf6edbac943e52c63ffc8","7667d1b8fcc4f712084e3e3f8b4ab505ab150c52aea7b219249ec508b4b0e224","2546d239a262c24a6f8ea01d890cbc459a22db79b379b6ec3b24fbb56efb5381","15d53bb839e00405a34a8b690ec181f5555fc4f891b8248ae7fa72bad28315a9","8bfa4fe0534c0062393b6a2597c3491f7df3bf2eabfe06544c53bdf1f38db6d4","bce1eb513aaac344b5b8f7a9ba9c9e36fc89926d327ee5cc095fb4a895a12f80","5c907b722c53a5be256dc5f96b755bc9e0b032cc30973a52d984d4174bace456","f3b0da965a4050ab00fce727bb31e0f889a9c05d68d777a8068cfc15a71d3703","c83c7b000a955f2b8cb92bb112ed606ffd9fbebbe3422f80d90d06b167f2f37b","973f7939ea03fd2c9663dafc21bb968f56ed1b9a56b0284acf73c3ee141c053c","db6a9934570fa98a93a979e7e0e218e0c9710e5a787b18c6948f2eedd9338984","c7f4aa77be7f7afe9d0665d3e705dbf7794bc479bb9c44488c7bf4169f8d14fe","a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67","927b3564c1cf884d2a05e1d7bd24362ce8563a1e9b85be776190ab7f8af192f6","5e40d106977017b1ed235419b1e59ff090e1f43ac57da1bb5d80d66ae53b1df8","bfd74b4a1b413fa785a49ca4a9c0594441a3e01983fc7f86125376fdbd4acf6b","63fb47c3b4693409ebadf8a5179141af5cf45a46d1e98e5f763ca0d7d64fb17c","cbf4cfa2d3c3fb04fe349161e051a8cf9b6a29f8af0c3d93db953e5b5dc39c86","2360a69e5fd7217e977123c81d3dbb60bf4763a9dae6949bc1900234f7762df1","e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec","6c121f2b2efa6592c2c22b29218157ec9e63f385e7a1d7425857d603ddef8c59","d8565d58ad8e4f5558b5cd70df0ad12be9cf44e32ad07aaac6f65b816edbf414","fee4f9dabc094df24d83ec1a8c4e4ff573e5d9973caa676f58086c99561382d7","87c5d0c93b80acf61d24e7aaf0faae231ab507ca45483ad3d441b5d1acebc43c","a03d13c9825e150810e6e6aaf053d71ec5a53b86581414dd982a74d4a8bc5475","f1713afaf5958bdf3e975ebbab8245a98a84e03f8ce52175ef1568de208116e0","99dbc6fe3c3e465052fcefa1642861747dc9e069eeb244589b605bd710b1e0d1","0b5db31e47b0dccfdec46e74c0e70c6a1684768dbacc9eacbb4fd2ef851994c7","081804b491c70bfa63ecdbe9fd4618d3570706ad8b71dba13e234069648e5e48","5009c7d1590c1f8c05827122172583ddf924c53b55a46826abf66da46725505a","492a643bd1efdaca4ca125ade1b606e7bbf00e995ac9115ac84d1c4c59cb66dd","3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940","3c8dbfcbb4fccbaf924f9a650a04cb4715f4a58d51ef49cc75bfcef0ac258a3e","91eaf215be336eae983d069de16630cc3580e222c427f785e0da312d0692d0fd","689cfaa9319f3f7529a31472ecf6b2e0ca6891b736de009e0b6c2ebac958cc94","479038eb12ed07893ee0dcc04fbdcf182489bbb271f5a4f90f83874881a80ce3")

    Reference: 

    https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/
    Tags

    Malware, RAT
