Trusted Design

GongDa vs. Korean News

概要

On Jan. 27, FireEye observed visitors to a Korean news site being redirected to the GongDa Exploit Kit (EK), potentially exposing them to malware infection. We will be referring to this site as KNS. GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful malware to be installed on the system. While GongDa is an older exploit kit that continues to use Java exploits, it has also been found delivering both Flash and VBScript exploits as well. Despite its shortcomings when compared to newer EK’s such as Angler or Neutrino, GongDa proves that old tricks (or vulnerabilities) can still work effectively. Source : https://www.fireeye.com/blog/threat-research/2016/03/gongda_vs_koreanne.html

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

GONGDA VS. KOREAN NEWS (score: 0.97)
KaiXin Exploit Kit (score: 0.61)
Tick cyberespionage group zeros in on Japan (score: 0.57)
BBSRAT Attacks Targeting Russian Organizations (score: 0.57)
Large Malvertising Campaign Leads to Angler EK & Bunitu Malware (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

FIN7

Score: 4.06

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1124 - System Time Discovery

MITREへのリンク →

Volt Typhoon

Score: 6.90

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server
T1124 - System Time Discovery

MITREへのリンク →

Sandworm Team

Score: 5.80

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

Kimsuky

Score: 8.35

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1588.005 - Exploits

MITREへのリンク →

Ember Bear

Score: 7.10

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

Medusa Group

Score: 5.09

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1529 - System Shutdown/Reboot

MITREへのリンク →

Storm-0501

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32

MITREへのリンク →

Blue Mockingbird

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32

MITREへのリンク →

Earth Lusca

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

APT29

Score: 12.04

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting
T1027.006 - HTML Smuggling

MITREへのリンク →

Leviathan

Score: 8.54

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

UNC3886

Score: 5.56

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Dragonfly

Score: 5.80

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1584.004 - Server

MITREへのリンク →

Cobalt Group

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

Inception

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT32

Score: 4.24

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sidewinder

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Lazarus Group

Score: 14.67

Matched TTPs:

T1203 - Exploitation for Client Execution
T1584.004 - Server
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1529 - System Shutdown/Reboot

MITREへのリンク →

Higaisa

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

APT37

Score: 5.12

Matched TTPs:

T1203 - Exploitation for Client Execution
T1529 - System Shutdown/Reboot

MITREへのリンク →

Mustang Panda

Score: 5.63

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

BRONZE BUTLER

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Darkhotel

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Turla

Score: 5.43

Matched TTPs:

T1584.004 - Server
T1124 - System Time Discovery

MITREへのリンク →

APT38

Score: 8.16

Matched TTPs:

T1036.006 - Space after Filename
T1529 - System Shutdown/Reboot

MITREへのリンク →

Mustard Tempest

Score: 4.54

Matched TTPs:

T1608.006 - SEO Poisoning

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.83

Matched TTPs:

T1124 - System Time Discovery
T1203 - Exploitation for Client Execution
T1584.004 - Server
T1529 - System Shutdown/Reboot
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT29

Score: 0.68

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1027.006 - HTML Smuggling
T1090.004 - Domain Fronting

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る