Create IOC-Kimsuky-2020-03-20.json

2020-03-22 00:37:44 +01:00 · 2020-03-22 00:37:44 +01:00 · 555bbaea1f
commit 555bbaea1f
parent 4a3161baa6
1 changed files with 72 additions and 0 deletions
--- a/Korea/APT/Kimsuky/2020-03-20/JSON/IOC-Kimsuky-2020-03-20.json
+++ b/Korea/APT/Kimsuky/2020-03-20/JSON/IOC-Kimsuky-2020-03-20.json
@ -0,0 +1,72 @@
+[
+    {
+        "Type":  "SHA-256",
+        "Indicator":  "1fcd9892532813a27537f4e1a1c21ec0c110d6b3929602750ed77bbba7caa426",
+        "Description":  "붙임. 전문가 칼럼 원고 작성 양식.doc"
+    },
+    {
+        "Type":  "SHA-256",
+        "Indicator":  "828a5527e25e3cab4e97ed25ec2b3d2d7cdf22f868101a33802598cc974d6db4",
+        "Description":  "flower01.ps1"
+    },
+    {
+        "Type":  "URL",
+        "Indicator":  "http://mybobo.mygamesonline.org/flower01/flower01.ps1",
+        "Description":  "URL delivery"
+    },
+    {
+        "Type":  "Domain",
+        "Indicator":  "mybobo.mygamesonline.org",
+        "Description":  "Domain C2"
+    },
+    {
+        "Type":  "IP",
+        "Indicator":  "185.176.43.82",
+        "Description":  "IP C2"
+    },
+    {
+        "Type":  "URL",
+        "Indicator":  "http://mybobo.mygamesonline.org/flower01/post.php",
+        "Description":  "URL C2"
+    },
+    {
+        "Type":  "SHA-256",
+        "Indicator":  "7d2b9f391588cc07d9ba78d652819d32d3d79e5a74086b527c32126ad88b5015",
+        "Description":  "COVID-19 and North Korea.docx"
+    },
+    {
+        "Type":  "URL",
+        "Indicator":  "http://crphone.mireene.com/plugin/editor/Templates/normal.php?name=web",
+        "Description":  "URL delivery"
+    },
+    {
+        "Type":  "SHA-256",
+        "Indicator":  "144242e42335b015145100dbaebf902df3403244921cf81402f67778959c642",
+        "Description":  "web.dotm"
+    },
+    {
+        "Type":  "URL",
+        "Indicator":  "http://crphone.mireene.com/plugin/editor/Templates/filedown.php?name=v1",
+        "Description":  "URL delivery"
+    },
+    {
+        "Type":  "SHA-256",
+        "Indicator":  "0588510dddbd802a5a95fa299d8fa7235b0c270236cbaf51e5b57536222226bf",
+        "Description":  "V1.py"
+    },
+    {
+        "Type":  "SHA-256",
+        "Indicator":  "7f83912127f5b9680ff57581fc40123c21257bd8e186d7cab4c838a867bb137f",
+        "Description":  "V60.py"
+    },
+    {
+        "Type":  "URL",
+        "Indicator":  "http://crphone.mireene.com/plugin/editor/Templates/filedown.php?name=new",
+        "Description":  "URL delivery"
+    },
+    {
+        "Type":  "URL",
+        "Indicator":  "http://crphone.mireene.com/plugin/editor/Templates/upload.php",
+        "Description":  "URL C2"
+    }
+]