Trusted Design

GongDa vs. Korean News

概要

On Jan. 27, FireEye observed visitors to a Korean news site being redirected to the GongDa Exploit Kit (EK), potentially exposing them to malware infection. We will be referring to this site as KNS. GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful malware to be installed on the system. While GongDa is an older exploit kit that continues to use Java exploits, it has also been found delivering both Flash and VBScript exploits as well. Despite its shortcomings when compared to newer EK’s such as Angler or Neutrino, GongDa proves that old tricks (or vulnerabilities) can still work effectively. Source : https://www.fireeye.com/blog/threat-research/2016/03/gongda_vs_koreanne.html

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

GONGDA VS. KOREAN NEWS (score: 0.97)
KaiXin Exploit Kit (score: 0.61)
Tick cyberespionage group zeros in on Japan (score: 0.57)
BBSRAT Attacks Targeting Russian Organizations (score: 0.57)
Large Malvertising Campaign Leads to Angler EK & Bunitu Malware (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

FIN7

Score: 4.06

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1578.001 - Create Snapshot

MITREへのリンク →

Volt Typhoon

Score: 6.90

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1546.016 - Installer Packages
T1578.001 - Create Snapshot

MITREへのリンク →

Sandworm Team

Score: 5.80

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

Kimsuky

Score: 8.35

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code
T1003.003 - NTDS

MITREへのリンク →

Ember Bear

Score: 7.10

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1003.003 - NTDS

MITREへのリンク →

Medusa Group

Score: 5.09

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1216 - System Script Proxy Execution

MITREへのリンク →

Storm-0501

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code

MITREへのリンク →

Blue Mockingbird

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code

MITREへのリンク →

Earth Lusca

Score: 4.30

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1546.016 - Installer Packages

MITREへのリンク →

APT29

Score: 12.04

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1223 - Compiled HTML File

MITREへのリンク →

Leviathan

Score: 8.54

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

UNC3886

Score: 5.56

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Dragonfly

Score: 5.80

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1546.016 - Installer Packages

MITREへのリンク →

Cobalt Group

Score: 4.24

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

Inception

Score: 4.24

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 4.24

Matched TTPs:

T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

Sidewinder

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Lazarus Group

Score: 14.67

Matched TTPs:

T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot
T1216 - System Script Proxy Execution

MITREへのリンク →

Higaisa

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

APT37

Score: 5.12

Matched TTPs:

T1218.010 - Regsvr32
T1216 - System Script Proxy Execution

MITREへのリンク →

Mustang Panda

Score: 5.63

Matched TTPs:

T1218.010 - Regsvr32
T1055.005 - Thread Local Storage

MITREへのリンク →

BRONZE BUTLER

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Darkhotel

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Turla

Score: 5.43

Matched TTPs:

T1546.016 - Installer Packages
T1578.001 - Create Snapshot

MITREへのリンク →

APT38

Score: 8.16

Matched TTPs:

T1059.005 - Visual Basic
T1216 - System Script Proxy Execution

MITREへのリンク →

Mustard Tempest

Score: 4.54

Matched TTPs:

T1543.002 - Systemd Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.83

Matched TTPs:

T1578.001 - Create Snapshot
T1218.010 - Regsvr32
T1546.016 - Installer Packages
T1216 - System Script Proxy Execution
T1055.005 - Thread Local Storage

MITREへのリンク →

APT29

Score: 0.68

Matched TTPs:

T1223 - Compiled HTML File
T1218.009 - Regsvcs/Regasm
T1218.010 - Regsvr32
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る