Kimsuky Arsenal Exposure: Multi-format Trojan Analysis
Latest Research|November 20, 2024
Recently, SecAI has detected a series of targeted attacks launched by Kimsuky since 2024, showing a high level of activity. These include security-related samples sent to the South Korean Embassy in China in April, invoice-related samples sent to a construction company in June, and lecture-related samples sent to a well-known South Korean university in July. Long-term tracking and analysis show that the group steals information and conducts remote control by setting up a large number of phishing websites and sending phishing emails carrying samples whose file names are chosen to interest the victims and induce them to click. After collecting a range of Kimsuky attack samples, we found that the group has the following characteristics:
Kimsuky, also known as APT43, APT-Q-2, Velvet Chollima, Black Banshee, Thallium, Sparkling Pisces, etc., has been operating since 2012 and is supported by the North Korean government. It mainly targets South Korea …
IoC