Kimsuky Distributing CHM Malware Under Various Subjects
AhnLab Security Emergency response Center (ASEC) has been continuously tracking the Kimsuky group's APT attacks. This post covers the details confirmed during May. While the Kimsuky group has often used document files for malware distribution, there have been many recent cases where CHM files were used instead. Also, unlike in the past, when the document files dealt with North Korea-related topics, the group is now attempting attacks using a variety of subjects.
(1) Cases of Distribution
The names of the distributed files found during May are as follows. They show a variety of subjects such as cryptocurrency, tax accounting, and contracts, and it seems the personal data of a certain individual is being used.
The CHM malware being distributed opens a normal-looking help window upon execution and carries out its malicious behavior through the script embedded inside. It is not easy for users to notice the malicious behaviors, having been …
IoC