ThreatConnect Research Roundup: Kimsuky "AutoUpdate" Malware
IN THREAT RESEARCH | BY THREATCONNECT RESEARCH TEAM
June 19 2020 Edition
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer).
Note: Viewing the pages linked in this blog post requires a ThreatConnect account. If you don’t have one, please click here to request your free TC Open account.
In this edition, we cover:
Kimsuky “AutoUpdate” Malware
Mustang Panda PlugX
“deviceupdate” Domains
“msupdate” Domains
Zoom Phish
Tor2Mine
Emotet
Roundup Highlight: Kimsuky AutoUpdate Malware
20200616A: Suspected Kimsuky “AutoUpdate” Malware
Our highlight in this Roundup is Incident 20200616A: Suspected Kimsuky “AutoUpdate” Malware. ThreatConnect Research identified a malware sample suspected to be associated with Kimsuky (a DPRK-based group) due to behaviors similar to a sample reported on the ESTsecurity ALYac Blog.
The blog above describes recent activity related to a campaign first seen in …