Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and Payloads
Kimsuky, also known as “Black Banshee,” is a North Korean APT group active since at least 2012 and believed to be state-sponsored. Its cyber espionage targets countries such as South Korea, Japan, and the U.S. Its tactics include phishing, malware infections (RATs, backdoors, wiper malware), supply chain attacks, lateral movement within networks, and data exfiltration.
Recently, we came across IOCs of this APT’s latest attack shared in a tweet, which pointed to a ZIP file containing the actual payloads. In this blog, we will analyse the infection chain and examine these payloads in depth. We will also explore how the malware operates, its behaviour, and the techniques used to execute the attack.
Inside the ZIP file, there are four files: a VBScript, a PowerShell script, and two encoded text files. These encoded text files contain obfuscated data, which, with further analysis, could provide crucial insights into the malware’s …
IoC
1119A977A925CA17B554DCED2CBABD85
CE4549607E46E656D8E019624D5036C1
64677CAE14A2EC4D393A81548417B61B