Threat Assessment: North Korean Threat Groups
Sept. 10, 2024, 8:56 a.m.
Description
This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau (RGB). It describes their organizational structure, their objectives, and the malware families used in their recent campaigns against industries worldwide. The analysis covers 10 malware samples spanning Windows, macOS, and Linux, giving technical insight into how each operates and into Palo Alto Networks Cortex XDR's ability to detect and block them.
Date
Published: Sept. 10, 2024, 8:23 a.m.
Created: Sept. 10, 2024, 8:23 a.m.
Modified: Sept. 10, 2024, 8:56 a.m.
Indicators
.119.174.148
38.132.124.88
23.254.226.90
23.227.202.54
198.244.135.250
146.19.173.125
www.talesseries.com
http://www.talesseries.com/write.php
http://rgedist.com/sfxl.php
rgedist.com
rentedpushy.com
relysudden.com
prontoposer.com
rebelthumb.net
levelframeblog.com
globalkeystroke.com
contortonset.com
basketsalute.com
airbseeker.com
jdkgradle.com
swissborg.blog
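The indicators above are only useful once they are normalized and matched against telemetry. The following is an added example (not code from the report or from Palo Alto Networks) that loads the listed indicators, classifies each as an IPv4 address, a domain, or a full URL, and matches them against a few constructed proxy-log lines. The truncated first IP on the page is deliberately left out rather than guessed at, and the log format and the sample lines are assumptions made for the demo. The domain check compares on label boundaries so that a look-alike host such as notrgedist.com does not trigger on the rgedist.com indicator, while a subdomain of a listed domain does.

```python
from __future__ import annotations

import ipaddress
import re
from urllib.parse import urlparse

# Indicators copied from the listing above. The first IP on the page is
# truncated (first octet missing), so it is omitted instead of guessed.
RAW_INDICATORS = """
38.132.124.88
23.254.226.90
23.227.202.54
198.244.135.250
146.19.173.125
www.talesseries.com
http://www.talesseries.com/write.php
http://rgedist.com/sfxl.php
rgedist.com
rentedpushy.com
relysudden.com
prontoposer.com
rebelthumb.net
levelframeblog.com
globalkeystroke.com
contortonset.com
basketsalute.com
airbseeker.com
jdkgradle.com
swissborg.blog
"""


def classify(indicator: str) -> tuple[str, str]:
    """Return (kind, normalized value); kind is 'ipv4', 'url' or 'domain'."""
    s = indicator.strip().lower()
    # Feeds often defang indicators (hxxp://, 1.2.3[.]4); undo that first.
    s = s.replace("hxxp", "http").replace("[.]", ".")
    if "://" in s:
        return "url", s
    try:
        ipaddress.IPv4Address(s)
        return "ipv4", s
    except ValueError:
        pass
    return "domain", s.rstrip(".")


def load_indicators(text: str) -> dict[str, set[str]]:
    """Group one indicator per line into sets keyed by kind."""
    iocs: dict[str, set[str]] = {"ipv4": set(), "domain": set(), "url": set()}
    for line in text.splitlines():
        if line.strip():
            kind, value = classify(line)
            iocs[kind].add(value)
    return iocs


# Constructed proxy log lines for the demo (assumed format, not from the report):
# <timestamp> <client-ip> <method> <url> <status>
SAMPLE_LOG = [
    "2024-09-10T08:10:01Z 10.0.0.5 GET http://www.talesseries.com/write.php 200",
    "2024-09-10T08:10:02Z 10.0.0.5 POST http://cdn.rebelthumb.net/update 200",
    "2024-09-10T08:10:03Z 10.0.0.7 GET http://198.244.135.250/x 404",
    "2024-09-10T08:10:04Z 10.0.0.9 GET https://example.org/ 200",
    "2024-09-10T08:10:05Z 10.0.0.9 GET http://notrgedist.com/sfxl.php 200",
]

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def match_line(line: str, iocs: dict[str, set[str]]) -> list[str]:
    """Return the indicators that one log line hits (empty list if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = m.group(4).lower()
    host = urlparse(url).hostname or ""
    hits: list[str] = []
    if url in iocs["url"]:            # exact URL match
        hits.append(url)
    if host in iocs["ipv4"]:          # request sent straight to a listed IP
        hits.append(host)
    for d in iocs["domain"]:          # listed domain or any subdomain of it
        if host == d or host.endswith("." + d):
            hits.append(d)
    return hits


def scan(lines: list[str], iocs: dict[str, set[str]]) -> list[tuple[str, list[str]]]:
    """Return (line, hits) for every line that matched at least one indicator."""
    out = []
    for line in lines:
        hits = match_line(line, iocs)
        if hits:
            out.append((line, hits))
    return out


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOG, load_indicators(RAW_INDICATORS)):
        print(hits, "<-", line)
```

In production the same matcher would be fed from a SIEM export rather than an inline list, and URL indicators would normally be compared after stripping query strings and trailing slashes, which this example does not do.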
Malware
OdicLoader
PondRAT
POOLRAT
Fullhouse
ObjCShellz
SmoothOperator
Comebacker
KANDYKORN
CollectionRAT
RustBucket
Intrusion Set
Various North Korean groups under the Reconnaissance General Bureau
Attack Patterns (MITRE ATT&CK)
T1009 Binary Padding (deprecated ID; now T1027.001)
T1045 Software Packing (deprecated ID; now T1027.002)
T1486 Data Encrypted for Impact
T1070 Indicator Removal
T1564 Hide Artifacts
T1518 Software Discovery
T1106 Native API
T1105 Ingress Tool Transfer
T1083 File and Directory Discovery
T1071 Application Layer Protocol
T1543 Create or Modify System Process
T1055 Process Injection
T1210 Exploitation of Remote Services
T1219 Remote Access Software
T1036 Masquerading
T1204 User Execution
T1027 Obfuscated Files or Information
T1053 Scheduled Task/Job
T1562 Impair Defenses
T1059 Command and Scripting Interpreter