More Kimsuky “AutoUpdate” Malware
ThreatConnect Research Roundup: More Kimsuky “AutoUpdate” Malware
IN THREAT RESEARCH | BY THREATCONNECT RESEARCH TEAM
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer).
Note: Viewing the pages linked in this blog post requires a ThreatConnect account. If you don’t have one, please click here to request your free TC Open account.
In this edition, we cover:
Kimsuky “AutoUpdate” Malware
Mustang Panda PlugX
Spoofed Google Support Domain
GreedyWonk
Emotet
WastedLocker
IndigoDrop
Roundup Highlight: More Kimsuky “AutoUpdate” Malware
20200618A: Suspected Kimsuky “AutoUpdate” Malware
Our highlight in this Roundup is Incident 20200618A: Suspected Kimsuky “AutoUpdate” Malware. ThreatConnect Research identified an additional malware sample likely associated with Kimsuky (a DPRK-based group) due to behaviors similar to a sample reported on the ESTsecurity ALYac Blog, which was also referenced in last week’s Research Roundup Blog.
Like last week’s file, …