API tools faq
paste
Advertisement
TrashScrape

Kimsuky Group activities in the first half of 2021

TrashScrape
Jul 27th, 2021
83
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.48 KB | None | 0 0
raw download clone embed print report
  1. A kind of bait:
  2. d7b717134358bbeefc5796b5912369f0
  3. 6a614ca002c5b3a4d7023faffc0546e1
  4. bce51419fae8acbeff3149ca53f8baad
  5. 49a04c85555b35f998b1787b325526e6
  6. c9f23b6ee1ba97c753892e6c103521d6
  7. 5b2355014f72dc2714dc5a5f04fe9519
  8. 8ca84c206fe8436dcc92bf6c1f7cf168
  9. d725efd437d26e01e3b64e722929c01e
  10. 0d36f4f5a1f7bc7d89fbda02be7c2336
  11. 86c462b8ceffbc10018df2c32e024b29
  12. 208a3b4565d3041d09448a23a80edf1c
  13.  
  14. http://connectter[.]atwebpages[.]com/2612/download[.]php?
  15. http://majar[.]medianewsonline[.]com/0812/1[.]php?
  16. http://majar[ .]medianewsonline[.]com/0812/1[.]php?
  17. http://eucie09111[.]myartsonline[.]com/0502/v[.]php?
  18. http://hanlight[.]mygamesonline[.] org/2403/v[.]php?
  19. http://ftcpark59[.]getenjoyment[.]net/1703/v[.]php?
  20.  
  21.  
  22. Two types of bait:
  23. dfbe17d9dfa3f3bb715e1d8348bd1f50
  24. dc5fa08c7e2bb959042f5572c91ada5e
  25. 1269e2b00fd323a7748215124cb058cd
  26. 9d3b4e82d2c839ffc2887946fb204615
  27. 5973ba270e9b5ea57c138245ffc39552
  28. af3288ed7853865d562ccd1f48fa4a16
  29. 199674e87f437bdbd68884b155346d25
  30.  
  31.  
  32. http://manct[.]atwebpages[.]com/ck/uy[.]txt
  33. http://fabre[.]myartsonline[.]com/ys/ha[.]txt
  34. http://rukagu[.] mypressonline[.]com/le/yj[.]txt
  35. http://quarez[.]atwebpages[.]com/ny/ui[.]txt
  36. http://quarez[.]atwebpages[.]com/ny/ post[.]php
  37. http://quarez[.]atwebpages[.]com/ds/le[.]txt
  38. http://waels[.]onlinewebshop[.]net/st/wa[.]txt
  39. http:/ /pootball[.]medianewsonline[.]com/ro/ki[.]txt
  40.  
  41.  
  42.  
  43. Three types of bait:
  44.  
  45. 04a0505cc45d2dac4be9387768efcb7c
  46. d3a317dd167cfa77c976fa9c86c24982
  47. d8e817abd5ad765bf7acec5d672cbb8d
  48. 4886f89546c422f5e04c2da33090a201
  49. 0a68d6a3d0aa9c5a3a4485d314ea8372
  50. c6437d685f4a489c867b4d2b68f07f1a
  51. 36ad6b5775ac550a36f56467051d2c03
  52. ec3f771c71a24c165697e26e136daa4a
  53. 9ee9dacd6703c74e959a70a18ebb3875
  54. 1670bb091dba017606ea5e763072d45f
  55. 21b72a6ed58db07a7f7c16372c3422e2
  56. 41aba3f7a154fb209beba0e36e6ef3ab
  57. 68a1cc84de7d5802b7251786a8a5da0c
  58. a9b6cf8d8d0a67da4eea269dab16fe99
  59. fe4dd316363d3631c83c2995dd3775f4
  60.  
  61. http://yanggucam[.]designsoup[.]co[.]kr/user/views/board/skin/secret/css/list[.]php?query=1
  62.  
  63. http://samsoding[.]homm7[.]gethompy[.]com/plugins/dropzone/min/css/list[.]php?query=1
  64.  
  65. http://www[.]mechapia[.]com/_admin/nicerlnm/web/style/list[.]php?query=1
  66.  
  67. http://miracle[.]designsoup[.]co[.]kr/user/views/resort/controller/css/update/list[.]php?query=1
  68.  
  69. http://cwda[.]co[.]kr/theme/basic/skin/new/basic/update/list[.]php?query=1
  70.  
  71. http://cwda[.]co[.]kr/theme/basic/skin/new/basic/update/Normal[.]dotm?q=6
  72.  
  73. http://heritage2020[.]cafe24[.]com/plugin/kcpcert/bin/list[.]php?query=1
  74.  
  75. http://www[.]inonix[.]co[.]kr/kor/page/product/_notes/list[.]php?query=1
  76.  
  77. http://www[.]inonix[.]co[.]kr/kor/page/product/_notes/tmp/?q=6
  78.  
  79. http://beilksa[.]scienceontheweb[.]net/cookie/select/log/list[.]php?query=1
  80.  
  81. http://beilksa[.]scienceontheweb[.]net/cookie/select/log/tmp?q=6
  82.  
  83. http://www[.]inonix[.]co[.]kr/kor/board/widgets/mcontent/skins/tmp?q=6
  84.  
  85. http://koreacit[.]co[.]kr/skin/new/basic/update/temp?q=6
  86.  
  87. https://reform-ouen[.]com/wp-includes/css/dist/nux/dotm/dwn[.]php?id=0119
  88.  
  89. http://www[.]anpcb[.]co[.]kr/plugin/sns/facebook/src/update/normal[.]dotm?q=6
  90.  
  91. http://beilksa[.]scienceontheweb[.]net/cookie/select/log/tmp?q=6
  92.  
  93.  
  94.  
  95. Four types of bait:
  96. 0821884168a644f3c27176a52763acc9
  97. 95c92bcfc39ceafc1735f190a575c60c
  98.  
  99. http://wbg0909[.]scienceontheweb[.]net/0412/download[.]php?
  100. https://smyun0272[.]blogspot[.]com/2021/06/dootakim[.]html
  101. http://alyssalove [.]getenjoyment[.]net/0423/v[.]php?
  102.  
  103.  
  104. Five types of decoys: New decoy document testing activities: e3e40b3eaefeb0c63dd449087a8988efFE3AD944D07B66C83DC433C39FC054F4D79C92CC5AB70B61B2E174256577EA3A9E0B68D23D36A6D53276BA204BD8377120DE780D36A6D276BA204BD8377120F380EBF380F9EBF380F9CF9F3,7,7,F,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,:::::::::::::::::workthan::::::::::::; : ;; : ;; : ;; : ;; : ;; : ;;;
  105.  
  106.  
  107.  
  108.  
  109.  
  110.  
  111.  
  112. https://1ive[.]me/ww/mac/0526_sim/d[.]php?na=version[.]gif
  113. https://onedrive[.]live[.]com/?authkey=%21APtP1%2DAyXU4q3Gg&cid =EA63197CF6E2BF62&id=EA63197CF6E2BF62%21171&parId=root&o=OneUp
  114. https://worldinfocontact[.]club/111/mac3[.]php?na="username"
  115. https://worldinfocontact[.]club/111/bill/cow[. ]php?op=1drop[.]bat
  116. https://worldinfocontact[.]club/111/bill/expres[.]php?op=2
  117. http://nuclearpolicy101[.]org/wp-admin/includes/0421 /d[.]php?na=dot[.]gif
  118. http://nuclearpolicy101[.]org/wp-admin/includes/0421/d[.]php?na=vbtmp
  119.  
  120.  
  121.  
  122. hancom
  123.  
  124. 15ec5c7125e6c74f740d6fc3376c130d
  125.  
  126. 3ecc65085a91044a119abce4f0c0d4de
  127.  
  128. ec19cd77170b6ac8772c5799fdd88852
  129.  
  130. 11ac8609d64e5a5ade83eff92e4f1314
  131.  
  132. 1d30dfa5d8f21d1465409b207115ded6
  133.  
  134. 37e4865de72c3169d591e16ef8823676
  135.  
  136. e69294040dab044805c9d7c47fef4844
  137.  
  138. cf5815a1f635dca148ccffeb074b64d5
  139.  
  140. c9dae2b42f0b28631dc314a74fa2177f
  141.  
  142. 0629fd238259d7df7aa22ca82ac6b93e
  143.  
  144. 425f291cbaee9b44214057642db271a5
  145.  
  146. 0e998937644007904f27a1eaffe32df5
  147.  
  148. 7a67b8c387f24b782e46601634165681
  149.  
  150. 6ec77913e6a359ee4e62909e28c08f1d
  151.  
  152. 2399df3a222032c188a22df52a49384a
  153.  
  154. d73239230625afd2d9fa6cce1c6c022c
  155.  
  156. 4a139f6888790f059ff5e19056ca5664
  157.  
  158. 71e480edcb51a02b8460ccc9b2dfa272(doc)
  159.  
  160. 72d43ff8f9ee0819e96ed7fd7d9a551a(wieb.dat)
  161.  
  162. 7f8a4e0dca2e18121af505d9198d81d1(cvwiq.zip)
  163.  
  164. 523b3401b0fb0e8aec9be70f57686840(hancom_vmp_zip)
  165.  
  166. 4a139f6888790f059ff5e19056ca5664(hancom_vmp)
  167.  
  168. http://kr2959[.]atwebpages[.]com/view.php?id=2
  169.  
  170. http://kr2959[.]atwebpages[.]com/view[.]php?id=21504
  171.  
  172. klsa[.]onlinewebshop.net
  173.  
  174.  
  175.  
  176. Attacker's mailbox:
  177.  
  178. flower9801@hanmail.net
  179.  
  180.  
  181.  
  182. It may be a stolen mailbox/ID:
  183.  
  184. nk_biz_forum
  185.  
  186. applebox31@daum.net
  187.  
  188. daeknmoon@daum.net
  189.  
  190. shin.kyungjin@daum.net
  191.  
  192. article: https://mp.weixin.qq.com/s/og8mfnqoKZsHlOJdIDKYgQ
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!