North Korean APT Kimsuky aka Black Banshee – Active IOCs
Analysis Summary
Kimsuky is a North Korean advanced persistent threat (APT) group, also known as "Black Banshee". The group has been active since at least 2012 and is believed to be state-sponsored. Kimsuky is known for conducting cyber espionage operations and targeting organizations and individuals in various countries, including South Korea, Japan, and the United States. The group has been observed using various techniques to compromise its targets, such as phishing attacks, malware infections, and supply chain attacks. The group's ultimate goals and motivations are not well understood, but they are generally believed to be focused on intelligence gathering and political or economic gain.

The tactics, techniques, and procedures (TTPs) used by the Kimsuky APT group are constantly evolving, but some of their most commonly used methods include:
- Phishing attacks: The group has been known to send phishing emails that contain malicious attachments or links to compromised websites.
- Malware infections: Kimsuky …
IoC