lazarusholic


New Kimsuky Malware “EndClient RAT”: First Technical Report and IOCs

2025-11-05, 0x0v1
https://www.0x0v1.com/endclientrat/
#EndClientRAT #Kimsuky

Contents

Introduction
I have had the pleasure to work with PSCORE for quite some time now and we recently did a talk at RightsCon together about the cyber security dynamics for human rights in Korea. PSCORE's work spans many angles, from child labour abuse to internet freedoms and security. In their recent work, they discuss DPRK cyber activity as a global security issue and a continuing human-rights crisis. This report further demonstrates that.
In light of this collaboration with PSCORE, we recently uncovered another large-scale attack on the Human Rights community surrounding North Korea. This report details my technical reverse engineering of the novel Remote Access Trojan (RAT) found targeting North Korean Human Rights Defenders (HRD). This report intends to cover a full technical breakdown of the malware, whilst on the PSCORE website, you will find a Korean-language high-level summary of this report in the next few days.
This …

IoC
