lazarusholic


North Korean APT Kimsuky aka Black Banshee – Active IOCs

2024-12-05, Rewterz
https://www.rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-37554
#Kimsuky

Analysis Summary
Kimsuky is a North Korean advanced persistent threat (APT) group, also known as "Black Banshee". The group has been active since at least 2012 and is believed to be state-sponsored. Kimsuky is known for conducting cyber espionage operations and targeting organizations and individuals in various countries, including South Korea, Japan, and the United States. The group has been observed using various techniques to compromise its targets, such as phishing attacks, malware infections, and supply chain attacks. The group's ultimate goals and motivations are not well understood, but they are generally believed to be focused on intelligence gathering and political or economic gain.

The tactics, techniques, and procedures (TTPs) used by the Kimsuky APT group are constantly evolving, but some of their most commonly used methods include:
- Phishing attacks: The group has been known to send phishing emails that contain malicious attachments or links to compromised websites.
- Malware infections: Kimsuky …

IoC
