mirror of
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
synced 2024-06-27 09:20:05 +00:00
Merge pull request #78 from jgru/2021.11.18.TA406
Add Proofpoint's report on TA406
51c10a4178
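--- a/2021/2021.11.18.TA406_North_Korea_aligned/IOCs/indicators.csv
+++ b/2021/2021.11.18.TA406_North_Korea_aligned/IOCs/indicators.csv
@@ -0,0 +1,154 @@
+IoC,Type
+acount-pro[.]club,Domain
+acount-pro[.]live,Domain
+anlysis-info[.]xyz,Domain
+asia-studies[.]net,Domain
+bignaver[.]com,Domain
+carnegieinsider[.]com,Domain
+change-pw[.]com,Domain
+clonesec[.]us,Domain
+cloudnaver[.]com,Domain
+cloudocument[.]com,Domain
+cloudsecurityservice[.]net,Domain
+dailycloudservice[.]com,Domain
+daumhelp[.]net,Domain
+daum-protect[.]com,Domain
+deioncube[.]biz,Domain
+delivernaver[.]com,Domain
+delivers-security[.]com,Domain
+delivers-security[.]net,Domain
+diplomatictraining[.]com,Domain
+document-package[.]online,Domain
+documentpackages[.]link,Domain
+documentpackages[.]online,Domain
+documentpackage[.]space,Domain
+documentpackages[.]space,Domain
+documentpackages[.]store,Domain
+documentserver[.]site,Domain
+down-error[.]com,Domain
+download-apks[.]com,Domain
+downloader-hanmail[.]net,Domain
+download-live[.]com,Domain
+emailnaver[.]com,Domain
+globalcloudservices[.]org,Domain
+gooapi[.]online,Domain
+google-acount[.]com,Domain
+goolg-e[.]com,Domain
+goolge[.]space,Domain
+govermentweb[.]site,Domain
+help-master[.]online,Domain
+helpnaver[.]host,Domain
+helpnaver[.]link,Domain
+helpnaver[.]online,Domain
+help-naver[.]site,Domain
+helpnaver[.]site,Domain
+help-secure[.]info,Domain
+hpronto-login[.]com,Domain
+itamaraty[.]net,Domain
+knowledgeofworld[.]org,Domain
+lnfo-master[.]com,Domain
+login-protect[.]club,Domain
+login-protect[.]online,Domain
+mail-master[.]online,Domain
+mail[.]summitz[.]com,Domain
+microsoft-pro[.]host,Domain
+microsoft-pro[.]live,Domain
+microsoft-pro[.]site,Domain
+microsoft-pro[.]space,Domain
+midsecurity[.]org,Domain
+mid-service[.]com,Domain
+mid-service[.]org,Domain
+myethrvvallet[.]com,Domain
+mysoftazure[.]com,Domain
+naverhelp[.]com,Domain
+naversecurity[.]us,Domain
+nicnaver[.]com,Domain
+nidnaver[.]host,Domain
+nidnaver[.]press,Domain
+nidnaver[.]site,Domain
+nidnaver[.]store,Domain
+noreply-cc[.]online,Domain
+noreply-goolge[.]com,Domain
+noreply-sec[.]online,Domain
+noreply-yahoo[.]com,Domain
+oaass-torrent[.]com,Domain
+proattachfile[.]com,Domain
+pronto-login[.]info,Domain
+pw-change[.]com,Domain
+resetpolicy[.]com,Domain
+resetprofile[.]com,Domain
+rfa[.]news,Domain
+rnaii[.]com,Domain
+rnail-inbox[.]com,Domain
+rnailm[.]com,Domain
+rnail-suport[.]site,Domain
+rneail[.]com,Domain
+secureaction[.]ru,Domain
+securelevel[.]site,Domain
+security-acount[.]info,Domain
+securitycounci1report[.]org,Domain
+security-delivers[.]com,Domain
+securityforcastreport[.]com,Domain
+security-lnfo[.]com,Domain
+security-nid[.]space,Domain
+security-pro[.]me,Domain
+security-pro[.]online,Domain
+securitysettings[.]info,Domain
+seoulhobi[.]biz,Domain
+servicenaver[.]com,Domain
+servicenidnaver[.]com,Domain
+sinoforecast[.]com,Domain
+softfilemanage[.]com,Domain
+ssidnaver[.]com,Domain
+stategov[.]biz,Domain
+support-info[.]network,Domain
+unosa[.]org,Domain
+voakorea[.]news,Domain
+voakoreas[.]com,Domain
+voipgoogle[.]com,Domain
+vpsino[.]org,Domain
+webofknowledg[.]com,Domain
+xfindphoneloc[.]com,Domain
+xn--mcrosoft-online-hic[.]com,Domain
+0member-services[.]hol[.]es,Domain
+attachdown[.]000webhostapp[.]com,Domain
+attachdownload[.]000webhostapp[.]com,Domain
+attachdownload[.]99on[.]com,Domain
+dnsservice[.]esy[.]es,Domain
+emailru[.]99on[.]com,Domain
+firefox-plug[.]c1[.]biz,Domain
+koryogroup[.]1apps[.]com,Domain
+lookyes[.]c1[.]biz,Domain
+north-korea[.]medianewsonline[.]com,Domain
+online-manual[.]c1[.]biz,Domain
+romanovawillkillyou[.]c1[.]biz,Domain
+securitydownload[.]99on[.]com,Domain
+silverlog[.]hol[.]es,Domain
+softlay-ware[.]c1[.]biz,Domain
+takemetoyouheart[.]c1[.]biz,Domain
+taketodjnfnei898[.]c1[.]biz,Domain
+taketodjnfnei898[.]ueuo[.]com,Domain
+upsrv[.]16mb[.]com,Domain
+vscode-plug[.]c1[.]biz,Domain
+win10-ms[.]c1[.]biz,Domain
+1006ieudneu[.]atwebpages[.]com,Domain
+1995ieudneu[.]atwebpages[.]com,Domain
+fd-com[.]fr,Compromised Infrastructure
+influencer[.]jvproduccionessv[.]com,Compromised Infrastructure
+mail[.]apm[.]co[.]kr,Compromised Infrastructure
+oaass[.]co[.]kr,Compromised Infrastructure
+rabadaun[.]com,Compromised Infrastructure
+simple[.]kswebdesign[.]eu,Compromised Infrastructure
+www[.]acl-medias[.]fr,Compromised Infrastructure
+u13448720[.]ct[.]sendgrid[.]net,SendGrid Hostnames
+u19402039[.]ct[.]sendgrid[.]net,SendGrid Hostnames
+u7747409[.]ct[.]sendgrid[.]net,SendGrid Hostnames
+u8253848[.]ct[.]sendgrid[.]net,SendGrid Hostnames
+u9810308[.]ct[.]sendgrid[.]net,SendGrid Hostnames
+222.118.183[.]131,Email Sending Infrastructure (March 2021)
+192.109.119[.]6,Email Sending Infrastructure (April 2021)
+108.177.235[.]226,Email Sending Infrastructure (May 2021)
+108.62.12[.]11,Email Sending Infrastructure (May 2021)
+212.114.52[.]227,Email Sending Infrastructure (July 2021)
+de1d1931f2e821209f1508e4b7306e7eef296a42f21fe9784e22cf4670acd296,YoreKey
+347fdbd435f044fb1209125b22aaac5a9d826cfe5e5d543b190dc904cdd371c3,YoreKey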
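Review bot: The `Type` column mixes indicator kind, ownership context and observation date, so the file cannot be filtered or loaded into a blocklist or SIEM lookup without per-row special cases. The five IP rows put the month inside the type (`Email Sending Infrastructure (March 2021)`), and the last two rows use the malware family `YoreKey` as the type without naming the hash algorithm (the 64 hex characters suggest SHA-256, but the file does not say so). A three-column layout such as `IoC,Type,Context` would keep this machine-readable, e.g. `222.118.183[.]131,IPv4,Email Sending Infrastructure (March 2021)` and `<hash>,SHA256,YoreKey`. The `Compromised Infrastructure` and `SendGrid Hostnames` rows name hosts that belong to third parties, and the IP rows are dated to specific months of 2021, so a note that these are better suited to time-bounded alerting than to permanent blocking would help consumers avoid false positives. Every value is defanged with `[.]`, including only the last dot of each IP, which is worth stating in a header comment or README so that tooling refangs consistently.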
BIN
2021/2021.11.18.TA406_North_Korea_aligned/TA406_triple-threat-N-Korea-aligned-TA406-steals-scams-spies_Proofpoint.pdf
Normal file
Binary file not shown.