Quick Overview of Babyshark Campaign Disguised as Defense-themed HWP Document, involving the Kimsuky APT Group
2025.01.22
✅ Report Title:
Quick Overview of Babyshark Campaign Disguised as Defense-themed HWP Document, involving the Kimsuky APT Group
*What is Babyshark?
Babyshark is a type of malware used by Kimsuky, a North Korean-backed APT group that poses a threat to international security. Since at least 2019, this malware has been employed to steal information, primarily distributed through malicious files or links attached to spear-phishing emails.
✅ Executive Summary:
1) Sample Information
On January 13, 2025, a phishing email disguised as a plan for a "Defense Industry Digital Innovation Seminar" was discovered and analyzed.
- Filename: [Original Email] Announcement of the Korean Defense Industry Society’s Defense Industry Digital Innovation Seminar Plan
- MD5: 8a801a356d5a7b3235b920e4d36336d2
2) Malware Behavior and Key Functions
The attached HWP document contains a malicious file embedded as an OLE object. When executed, it drops additional files to maintain persistence and receives malicious payloads from …
IoC
- URL: https://www.elmer.com.tr/modules/mod_finder/src/Helper/1212_pprb_all/dksleks?newpa=comline
- MD5: 8a801a356d5a7b3235b920e4d36336d2