JangPro

@JangPr0

Joined January 2023

45 Following

722 Followers

105 Posts

JangPro @JangPr0

4 months ago

#APT 3ba252288bde5cd59db0903b26edecd2 d45696ee33baef59ae97d7a54af221d7 > Create bot id: BCryptGenRandom{8} > Authorization: Bearer [A/U-botID] > response data RC4 Key: #RsfsetraW#@EsfesgsgAJOPj4eml; > response data export func name "hello" > load.erasecloud.n-e[.]kr/fwrite.php

JangPr0's tweet photo. #APT

3ba252288bde5cd59db0903b26edecd2
d45696ee33baef59ae97d7a54af221d7

> Create bot id: BCryptGenRandom{8}
> Authorization: Bearer [A/U-botID]
> response data RC4 Key: #RsfsetraW#@EsfesgsgAJOPj4eml;
> response data export func name "hello"

> load.erasecloud.n-e[.]kr/fwrite.php https://t.co/Nmcx2lrdx4

JangPro @JangPr0

4 months ago

#APT a28389792a9f0ef4b69eda86958f1baa InfoSteal: C:\PerfLog\www.ps1 lnk Xor Key: 0xAD Dropbox internal pattern: /Zzz02_[MAC_Hash] Client ID: t22wyehpn1u9bnc Client Secret: xjzbubw0an7uulb Refresh Token: i9QGthcUCggAAAAAAAAAAUwLhj4KkWUdixjRlD6D8pYEB..... https://t.co/3EArMz1qUF

$JangPr0's tweet photo. #APT a28389792a9f0ef4b69eda86958f1baa InfoSteal: C:\PerfLog\www.ps1 lnk Xor Key: 0xAD Dropbox internal pattern: /Zzz02_[MAC_Hash] Client ID: t22wyehpn1u9bnc Client Secret: xjzbubw0an7uulb Refresh Token: i9QGthcUCggAAAAAAAAAAUwLhj4KkWUdixjRlD6D8pYEB..... https://t.co/3EArMz1qUF https://t.co/0WYUlBu0Su$

Emmy Byrne @byrne_emmy12099

4 months ago

*.hwp.lnk afe9a0298d945105ee69e84bdd7c41f35dad869a44098cb7e65a6a32a01cc617 #APT #Rokrat

JangPro @JangPr0

4 months ago

Content modification: ooooppppoooopppp is the mutex of the PIF that dropped this file.

268

JangPro @JangPr0

4 months ago

#APT #Kimsuky #Happydoor d9be5226e4df9b95a09ccce5ee675f73 Filename: app.package Mutex: ooooppppoooopppp hxxp://cms.spaceyou.o-r[.]kr/index.php hxxp://erp.spaceme.p-e[.]kr/index.php Screen capture, Keylogging, Mic record, File monitor, etc... https://t.co/aUjKIPCWT3

JangPr0's tweet photo. #APT #Kimsuky #Happydoor

d9be5226e4df9b95a09ccce5ee675f73

Filename: app.package
Mutex: ooooppppoooopppp

hxxp://cms.spaceyou.o-r[.]kr/index.php
hxxp://erp.spaceme.p-e[.]kr/index.php

Screen capture, Keylogging, Mic record, File monitor, etc...
https://t.co/aUjKIPCWT3 https://t.co/QnM562Ny22

JangPro @JangPr0

4 months ago

#APT 대국민서비스관리운영체계_현장점검_증적(초안).pif 8983ffa6da23e0b99ccc58c17b9788c7 C:\Users\user\AppData\Roaming\AppRoot\app.package upx compressed

$JangPr0's tweet photo. #APT 대국민서비스관리운영체계_현장점검_증적(초안).pif 8983ffa6da23e0b99ccc58c17b9788c7 C:\Users\user\AppData\Roaming\AppRoot\app.package upx compressed https://t.co/0eOGqd4P69$

JangPro @JangPr0

4 months ago

#APT 대국민서비스관리운영체계_현장점검_증적(초안).pif 8983ffa6da23e0b99ccc58c17b9788c7 C:\Users\user\AppData\Roaming\AppRoot\app.package upx compressed

JangPro @JangPr0

6 months ago

#APT 58ac2f65e335922be3f60e57099dc8a3 RC4 Key: #RsfsetraW#@EsfesgsgAJOPj4eml; C&C: hxxps://load.ssangyongcne.o-r[.]kr/dashBoardWrite.php Mutex: a:fnjiuygredfsssssgbbgfcvdhutrv, u:fnjiuyxxxxxgredfgsbbgfcvhutrv This malware was dropped by c1972bae94d24e7a5daafbcfe030fd8d

JangPr0's tweet photo. #APT

58ac2f65e335922be3f60e57099dc8a3

RC4 Key: #RsfsetraW#@EsfesgsgAJOPj4eml;

C&C: hxxps://load.ssangyongcne.o-r[.]kr/dashBoardWrite.php

Mutex: a:fnjiuygredfsssssgbbgfcvdhutrv, u:fnjiuyxxxxxgredfgsbbgfcvhutrv

This malware was dropped by c1972bae94d24e7a5daafbcfe030fd8d https://t.co/vr6u7qQYi1

JangPro @JangPr0

8 months ago

@byrne_emmy12099 148a3a8ef7036772d98ed35a891dd2d0 DLL Drop: C:\ProgramData\StackTemp.log Connect: hxxp://attach.docucloud.o-r[.]kr/FreeDownload.php

$JangPr0's tweet photo. @byrne_emmy12099 148a3a8ef7036772d98ed35a891dd2d0 DLL Drop: C:\ProgramData\StackTemp.log Connect: hxxp://attach.docucloud.o-r[.]kr/FreeDownload.php https://t.co/YdwBajuJuD$

309

JangPro @JangPr0

11 months ago

#APT #DPRK #ROKRAT 20b6d0b1f9b2bfa388510e35b7fece61 Related to: https://t.co/vmSDlz8fQM

JangPro @JangPr0

11 months ago

#APT #DPRK d98ed7f95003332a873fbb03c9ec1237 Decoy: 국가정보연구회 소식지(52호).pdf D:\Work\Weapon\InjectFirst\Release\InjectFirst.pdb

$JangPr0's tweet photo. #APT #DPRK d98ed7f95003332a873fbb03c9ec1237 Decoy: 국가정보연구회 소식지(52호).pdf D:\Work\Weapon\InjectFirst\Release\InjectFirst.pdb https://t.co/4sS65PDmhT$

10K

JangPro @JangPr0

11 months ago

#APT #DPRK d98ed7f95003332a873fbb03c9ec1237 Decoy: 국가정보연구회 소식지(52호).pdf D:\Work\Weapon\InjectFirst\Release\InjectFirst.pdb

$JangPr0's tweet photo. #APT #DPRK d98ed7f95003332a873fbb03c9ec1237 Decoy: 국가정보연구회 소식지(52호).pdf D:\Work\Weapon\InjectFirst\Release\InjectFirst.pdb https://t.co/4sS65PDmhT$

10K

JangPro @JangPr0

11 months ago

#APT #DPRK The final payload performs the following malicious functions. UAC Elevation:Administrator TLS Connection Key logging Browser Infosteal https://t.co/aseX2VHx5Y

JangPr0's tweet photo. #APT #DPRK

The final payload performs the following malicious functions.

UAC Elevation:Administrator
TLS Connection
Key logging
Browser Infosteal

https://t.co/aseX2VHx5Y https://t.co/jw68UexnRu

JangPro @JangPr0

11 months ago

#APT #DPRK 639b5489d2fb79bcb715905a046d4a54 Decoy: 국민은행 송금 및 거래내역 관련 소명자료 제출 요청 안내(20250722).hwp.lnk hxxps://creativepackout[.]co/wp-admin/js/widgets/hurryup/?rv=bear^&za=battle0 ?rv=bear^&za=battle1

JangPr0's tweet photo. #APT #DPRK

639b5489d2fb79bcb715905a046d4a54

Decoy: 국민은행 송금 및 거래내역 관련 소명자료 제출 요청 안내(20250722).hwp.lnk

hxxps://creativepackout[.]co/wp-admin/js/widgets/hurryup/?rv=bear^&za=battle0

?rv=bear^&za=battle1 https://t.co/tyxxve7Qe8

JangPro @JangPr0

11 months ago

#APT #DPRK 5a59b2fb4603062e2d469f51b0647a64 Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk hxxps://dryskyholding[.]com/wp-includes/js/common/inc/get.php /wp-includes/js/common/src/upload.php and /src/list.php? Related to this: https://t.co/hUph1AB98C

JangPr0's tweet photo. #APT #DPRK

5a59b2fb4603062e2d469f51b0647a64

Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk

hxxps://dryskyholding[.]com/wp-includes/js/common/inc/get.php

/wp-includes/js/common/src/upload.php
and /src/list.php?

Related to this: https://t.co/hUph1AB98C https://t.co/QMJImRyRWn

Emmy Byrne @byrne_emmy12099

11 months ago

hxxps://dryskyholding[.]com/wp-includes/js/common/src/list.php #APT #DPRK

JangPro @JangPr0

11 months ago

JangPro @JangPr0

about 1 year ago

#APT #SUSP 51ddda068e1851c97b59078f98a87a98 Info steal(identifier-0920win): $ipAddress-$currentTime-XXX-1001coincatch.txt Dropbox upload path: /github/Log/1001coincatch/ hxxps://drive.google[.]com/uc?export=download&amp;id=1Im5Ud6Fz1VFkQQZ9Gzkh1J7zfuwn7kB6

JangPr0's tweet photo. #APT #SUSP

51ddda068e1851c97b59078f98a87a98

Info steal(identifier-0920win): $ipAddress-$currentTime-XXX-1001coincatch.txt
Dropbox upload path: /github/Log/1001coincatch/
hxxps://drive.google[.]com/uc?export=download&amp;id=1Im5Ud6Fz1VFkQQZ9Gzkh1J7zfuwn7kB6 https://t.co/6IO4BIbeed

JangPro @JangPr0

about 1 year ago

#APT #DPRK 904e87804a8f356d90c6b3e5409c9b62 hxxps://stock-investing-basics[.]com/jessica/wp-includes/js/common/src/get.php upload.php list.php

JangPr0's tweet photo. #APT #DPRK

904e87804a8f356d90c6b3e5409c9b62

hxxps://stock-investing-basics[.]com/jessica/wp-includes/js/common/src/get.php
upload.php
list.php https://t.co/7odsBVUUgn

JangPro @JangPr0

about 1 year ago

@Rash0m0n__ mcJHRdj.exe → crul mcJHRdj1.exe → Task Scheduler

JangPro @JangPr0

about 1 year ago

#APT #DPRK 9a54a114602b136c88b6dc69bb8c7bc3 Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk AutoIt3.exe hxxps://clerwine[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle0 KWfFIpS.cdr hxxps://clerwine[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle1

JangPr0's tweet photo. #APT #DPRK

9a54a114602b136c88b6dc69bb8c7bc3

Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk

AutoIt3.exe
hxxps://clerwine[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle0

KWfFIpS.cdr
hxxps://clerwine[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle1 https://t.co/x47VUjL14t

JangPro @JangPr0

about 1 year ago

#APT #DPRK cc72c5bf20e8d5d6efa66dfc1d8efaa4 Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk hxxps://thegreatratings[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle0 hxxps://thegreatratings[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle1 77.246.108[.]36

JangPr0's tweet photo. #APT #DPRK

cc72c5bf20e8d5d6efa66dfc1d8efaa4

Decoy: 미신고 자금출처명세서(부가가치세법 시행규칙).hwp.lnk

hxxps://thegreatratings[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle0
hxxps://thegreatratings[.]com/wp-admin/js/widgets/hurryup/?rv=bear&za=battle1
77.246.108[.]36 https://t.co/ifTXIWNdQL

JangPro @JangPr0

about 1 year ago

#APT #SUSP def6766521070a6d45b797c8c834ed88 Decoy: 국세 고지서.pdf.lnk URL = hxxps://cdn.glitch[.]global/b33b49c5-5e3d-4a33-b66b-c719b917fa62/txbib.hta Second files: {URL}/v3.hta?v=277522 hxxp://18.224.110[.]228:8080/stub.exe?v=2.0.3.txt&serial=SUCCESS!

JangPr0's tweet photo. #APT #SUSP

def6766521070a6d45b797c8c834ed88

Decoy: 국세 고지서.pdf.lnk
URL = hxxps://cdn.glitch[.]global/b33b49c5-5e3d-4a33-b66b-c719b917fa62/txbib.hta
Second files: {URL}/v3.hta?v=277522
hxxp://18.224.110[.]228:8080/stub.exe?v=2.0.3.txt&serial=SUCCESS! https://t.co/JYGhLtpINe

JangPro @JangPr0

about 1 year ago

#APT #DPRK eabb3b271c7f0df17b62a10461840351 Decoy: 개인정보보호 의무사항 실태점검서.hwp.lnk hxxps://24hrkpop[.]com/wp-includes/js/src/lib/list.php get.php upload.php Reg Run name: startsvc1

JangPr0's tweet photo. #APT #DPRK

eabb3b271c7f0df17b62a10461840351

Decoy: 개인정보보호 의무사항 실태점검서.hwp.lnk

hxxps://24hrkpop[.]com/wp-includes/js/src/lib/list.php
get.php
upload.php

Reg Run name: startsvc1 https://t.co/XsnKVrkK7D

JangPro @JangPr0

about 1 year ago

#APT #SUSP 95fc3891ce910f34080d4781bc7641be323ba6b761ec48ef50ab2f0b74f5a5b7 174.138.186[.]157:5511 & 7788 & 9558 rr7.tmp: hxxp://www.travelyoichi[.]jp/okinawa/showphoto[.]php REG Run name: PUpdate(H3628.js), runkey(rr7.tmp) Taskschd: AMicrosoftEdgeUpdateExpanding[93852691]

JangPro

@JangPr0

Last Seen Users on Sotwe

Trends for you

Most Popular Users