Trusted Design

GONGDA VS. KOREAN NEWS

概要

On Jan. 27, we observed visitors to a Korean news site being redirected to the GongDa Exploit Kit (EK), potentially exposing them to malware infection. We will be referring to this site as KNS. GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful malware to be installed on the system. While GongDa is an older exploit kit that continues to use Java exploits, it has also been found delivering both Flash and VBScript exploits as well. Despite its shortcomings when compared to newer EK’s such as Angler or Neutrino, GongDa proves that old tricks (or vulnerabilities) can still work effectively.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

GongDa vs. Korean News (score: 0.97)
KaiXin Exploit Kit (score: 0.65)
Large Malvertising Campaign Leads to Angler EK & Bunitu Malware (score: 0.62)
Unusual Exploit Kit Targets Chinese Users (score: 0.61)
Korean Central News Agency serving malware (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

FIN7

Score: 4.06

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1124 - System Time Discovery

MITREへのリンク →

Volt Typhoon

Score: 6.90

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server
T1124 - System Time Discovery

MITREへのリンク →

Sandworm Team

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

Kimsuky

Score: 8.35

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1588.005 - Exploits

MITREへのリンク →

Ember Bear

Score: 5.60

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.005 - Exploits

MITREへのリンク →

Medusa Group

Score: 5.09

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1529 - System Shutdown/Reboot

MITREへのリンク →

Storm-0501

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32

MITREへのリンク →

Blue Mockingbird

Score: 4.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32

MITREへのリンク →

Earth Lusca

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

Leviathan

Score: 7.05

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1584.004 - Server

MITREへのリンク →

UNC3886

Score: 4.06

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1124 - System Time Discovery

MITREへのリンク →

Dragonfly

Score: 4.30

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.004 - Server

MITREへのリンク →

Lazarus Group

Score: 13.18

Matched TTPs:

T1584.004 - Server
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1529 - System Shutdown/Reboot

MITREへのリンク →

Turla

Score: 5.43

Matched TTPs:

T1584.004 - Server
T1124 - System Time Discovery

MITREへのリンク →

APT38

Score: 8.16

Matched TTPs:

T1036.006 - Space after Filename
T1529 - System Shutdown/Reboot

MITREへのリンク →

Mustang Panda

Score: 4.13

Matched TTPs:

T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT37

Score: 3.62

Matched TTPs:

T1529 - System Shutdown/Reboot

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.83

Matched TTPs:

T1529 - System Shutdown/Reboot
T1027.007 - Dynamic API Resolution
T1584.004 - Server
T1124 - System Time Discovery

MITREへのリンク →

Kimsuky

Score: 0.58

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1218.010 - Regsvr32
T1588.005 - Exploits

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る