#APT #DPRK #ROKRAT. 20b6d0b1f9b2bfa388510e35b7fece61. Related to:

#APT #DPRK. d98ed7f95003332a873fbb03c9ec1237. Decoy: 국가정보연구회 소식지(52호).pdf. D:\Work\Weapon\InjectFirst\Release\InjectFirst.pdb

#APT #DPRK. The final payload performs the following malicious functions. UAC Elevation:Administrator.TLS Connection.Key logging.Browser Infosteal.

#APT #DPRK. 5a59b2fb4603062e2d469f51b0647a64. Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk. hxxps://dryskyholding[.]com/wp-includes/js/common/inc/get.php. /wp-includes/js/common/src/upload.php.and /src/list.php?. Related to this:

#APT #DPRK. 639b5489d2fb79bcb715905a046d4a54. Decoy: 국민은행 송금 및 거래내역 관련 소명자료 제출 요청 안내(20250722).hwp.lnk. hxxps://creativepackout[.]co/wp-admin/js/widgets/hurryup/?rv=bear^&za=battle0. ?rv=bear^&za=battle1

#APT #SUSP. 51ddda068e1851c97b59078f98a87a98. Info steal(identifier-0920win): $ipAddress-$currentTime-XXX-1001coincatch.txt.Dropbox upload path: /github/Log/1001coincatch/.hxxps://drive.google[.]com/uc?export=download&id=1Im5Ud6Fz1VFkQQZ9Gzkh1J7zfuwn7kB6

#APT #DPRK. 904e87804a8f356d90c6b3e5409c9b62. hxxps://stock-investing-basics[.]com/jessica/wp-includes/js/common/src/get.php.upload.php.list.php

#APT #DPRK. 9a54a114602b136c88b6dc69bb8c7bc3. Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk. AutoIt3.exe.hxxps://clerwine[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle0. KWfFIpS.cdr.hxxps://clerwine[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle1

#APT #DPRK. cc72c5bf20e8d5d6efa66dfc1d8efaa4. Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk. hxxps://thegreatratings[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle0.hxxps://thegreatratings[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle1 .77.246.108[.]36

#APT #SUSP. def6766521070a6d45b797c8c834ed88. Decoy: 국세 고지서.pdf.lnk.URL = hxxps://cdn.glitch[.]global/b33b49c5-5e3d-4a33-b66b-c719b917fa62/txbib.hta.Second files: {URL}/v3.hta?v=277522.hxxp://18.224.110[.]228:8080/stub.exe?v=2.0.3.txt&serial=SUCCESS!

#APT #DPRK. eabb3b271c7f0df17b62a10461840351. Decoy: 개인정보보호 의무사항 실태점검서.hwp.lnk. hxxps://24hrkpop[.]com/wp-includes/js/src/lib/list.php.get.php.upload.php. Reg Run name: startsvc1

#APT #SUSP. 95fc3891ce910f34080d4781bc7641be323ba6b761ec48ef50ab2f0b74f5a5b7.174.138.186[.]157:5511 & 7788 & 9558.rr7.tmp: hxxp://www.travelyoichi[.]jp/okinawa/showphoto[.]php.REG Run name: PUpdate(H3628.js), runkey(rr7.tmp).Taskschd: AMicrosoftEdgeUpdateExpanding[93852691]

#APT #DPRK. f536eee0a63f4e324de3983975a42f24.(This File is not malware. Just decoy.). Decoy: 공문_가상자산사업자 CEO 간담회 개최 안내.zip

#APT #DPRK. 024f33b3051bc97c404020a61d22daf6567498b42cb4b7a5fc9d69466929be2b. Decoy Content name (hwp): 자금출처명세서. hxxps://www.rayanlynch[.]com/wp-includes/js/common/src/upload.php

Document Information - ETC: generated by python-docx

#APT #DPRK. 135696c7a5b543ce2ab4a6aac7615d4fdce261c3c7097bea738ba46bcd948660. Decoy: 소명자료 제출 안내서.hwp.lnk. hxxps://www.rayanlynch[.]com/wp-includes/js/common/src/upload.php.& list.php.& upload.php

#APT #DPRK. f9f3b762ed1719bf141c38f8c4f21d76cd65c5ac6c62a4b94ce68569ce87178c. Decoy: 가상자산 관련 외부평가위원 위촉 안내.hwp.lnk. hxxps://www.seacura[.]com/wp-includes/js/src/list.php.& upload.php.& get.php

#APT #DPRK. d48032d835c95af816fbcea6e659cdbe. Decoy: NTS_eTaxInvoice.html.lnk. https://deliberatecollaboration[.]com/wp-includes/js/src/get.php.& upload.php.& list.php. similar.

#APT #DPRK. b2a57a669de93671eb658648530a6367. Decoy: 종합소득세 과세표준확정신고 및 납부계산서(소득세법 시행규칙) .hwp.lnk. hxxps://deliberatecollaboration[.]com/wp-includes/js/inc/get.php?ra=iew&zw=lk0100.& upload.php.& list.php. Reg Run Name: startsvc1.xor Key : 0x71, 0x70

#APT #DPRK. 411a04fdabc516379aea96a6ac2282eac48c552f042bb55b5cb7b8720131703f. Decoy: 미신고 자금출처 해명자료 제출 안내(부가가치세법 시행규칙).hwp.lnk. hxxps://voicevosi[.]com/plugins/content/loadmodule/src/js/upload.php.and /list.php.and /get.php?ra=iew&zw=lk0100