lazarusholic

The Updated APT Playbook: Tales from the Kimsuky threat actor group

2024-03-20, Rapid7
https://www.rapid7.com/blog/post/2024/03/20/the-updated-apt-playbook-tales-from-the-kimsuky-threat-actor-group/
#Kimsuky #CHM

Last updated at Wed, 20 Mar 2024 22:00:00 GMT
Co-authors are Christiaan Beek and Raj Samani
Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely identify evolving tactics from threat groups in what is an unceasing game of cat and mouse.
Our team recently ran across some interesting activity that we believe is the work of the Kimsuky threat actor group, also known as Black Banshee or Thallium. Originating from North Korea and active since at least 2012, Kimsuky focuses primarily on intelligence gathering. The group is known to have targeted South Korean government entities, individuals associated with the Korean peninsula's unification process, and global experts in various fields relevant to the regime's interests. In recent years, Kimsuky’s activity has also expanded across …

IoC

MD5
364d4fdf430477222fe854b3cd5b6d40
71db2ae9c36403cec1fd38864d64f239
f35b05779e9538cec363ca37ab38e287

SHA-1
5c7b2705155023e6e438399d895d30bf924e0547
b5224224fdbabdea53a91a96e9f816c6f9a8708c
d4fa57f9c9e35222a8cacddc79055c1d76907fb9

SHA-256
c62677543eeb50e0def44fc75009a7748cdbedd0a3ccf62f50d7f219f6a5aa05
da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89
e8000ddfddbe120b5f2fb3677abbad901615d1abd01a0de204fade5d2dd5ad0d

URLs
http://gosiweb.gosiclass.com/m/gnu/convert/html/com/list.php?query=6
https://niscarea.com/in.php?cn=[base64]&fn=[DateTime
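The indicator list above mixes three hash algorithms and two URLs without labels. Loading it into a detection pipeline means separating the hashes by algorithm (recognisable from hex digest length: 32, 40 or 64 characters), comparing them case-insensitively, and matching network telemetry on the exact destination host rather than by substring. The script below is an added example and is not code from Rapid7 or from this page: it embeds the indicators listed above verbatim, while the proxy log lines and file digests it scans are constructed here for illustration (the benign file's digests are computed from a constructed string, and the two flagged digests are copied from the list).

```python
import hashlib
import re
from urllib.parse import urlparse

# The indicators exactly as listed on this page. The second URL is truncated
# on the page; its placeholders are kept as written, so only its host is usable.
PAGE_IOCS = """
364d4fdf430477222fe854b3cd5b6d40
5c7b2705155023e6e438399d895d30bf924e0547
71db2ae9c36403cec1fd38864d64f239
b5224224fdbabdea53a91a96e9f816c6f9a8708c
c62677543eeb50e0def44fc75009a7748cdbedd0a3ccf62f50d7f219f6a5aa05
d4fa57f9c9e35222a8cacddc79055c1d76907fb9
da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89
e8000ddfddbe120b5f2fb3677abbad901615d1abd01a0de204fade5d2dd5ad0d
f35b05779e9538cec363ca37ab38e287
http://gosiweb.gosiclass.com/m/gnu/convert/html/com/list.php?query=6
https://niscarea.com/in.php?cn=[base64]&fn=[DateTime
"""

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> algorithm
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def classify_iocs(text):
    """Split a flat IoC dump into per-algorithm hash sets plus URL hosts.

    Returns {"md5", "sha1", "sha256", "hosts", "urls"} -> set. Hashes are
    lower-cased so later matching is case-insensitive.
    """
    iocs = {"md5": set(), "sha1": set(), "sha256": set(), "hosts": set(), "urls": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if HEX_RE.match(line) and len(line) in HASH_TYPES:
            iocs[HASH_TYPES[len(line)]].add(line.lower())
        elif line.startswith(("http://", "https://")):
            iocs["urls"].add(line)
            host = urlparse(line).hostname  # hostname is already lower-cased
            if host:
                iocs["hosts"].add(host)
        else:
            raise ValueError(f"unrecognised IoC line: {line!r}")
    return iocs


def digests(data):
    """All three digests of a blob, so a file can be checked against any hash list."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def match_hashes(iocs, observed):
    """observed maps a file name to {"md5"/"sha1"/"sha256": hex}; returns (name, algo, hex) hits."""
    hits = []
    for name, file_digests in observed.items():
        for algo, value in file_digests.items():
            if value.lower() in iocs.get(algo, ()):
                hits.append((name, algo, value.lower()))
    return hits


REQUEST_RE = re.compile(r"\b(GET|POST|CONNECT)\s+(\S+)")


def match_proxy_log(iocs, lines):
    """Flag proxy log lines whose destination host equals an IoC host.

    Hosts are compared exactly (no substring matching), so "notniscarea.com"
    does not trip on "niscarea.com". A CONNECT target is host:port, not a URL.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        method, target = m.groups()
        host = target.rsplit(":", 1)[0] if method == "CONNECT" else urlparse(target).hostname
        if host and host.lower() in iocs["hosts"]:
            hits.append((n, host.lower(), target))
    return hits


# Constructed sample telemetry (not from the report): a proxy log and file
# digests as an EDR might export them; two of the digests are IoCs from above.
SAMPLE_PROXY_LOG = [
    "2024-03-20T09:12:01Z 10.0.0.15 GET http://gosiweb.gosiclass.com/m/gnu/convert/html/com/list.php?query=6 200",
    "2024-03-20T09:12:05Z 10.0.0.15 GET https://www.example.com/index.html 200",
    "2024-03-20T09:13:40Z 10.0.0.22 POST https://niscarea.com/in.php?cn=dGVzdA==&fn=20240320091340 200",
    "2024-03-20T09:14:02Z 10.0.0.22 CONNECT notniscarea.com:443 200",
]
SAMPLE_FILE_DIGESTS = {
    "sample_a.bin": {"md5": "364D4FDF430477222FE854B3CD5B6D40"},  # IoC, upper-cased on purpose
    "sample_b.bin": {"sha256": "da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89"},
    "benign.txt": digests(b"nothing to see here\n"),  # computed, not an IoC
}


def scan():
    """Run both matchers over the constructed samples and return the hits."""
    iocs = classify_iocs(PAGE_IOCS)
    return {
        "hash_hits": match_hashes(iocs, SAMPLE_FILE_DIGESTS),
        "proxy_hits": match_proxy_log(iocs, SAMPLE_PROXY_LOG),
    }


if __name__ == "__main__":
    for kind, hits in scan().items():
        print(kind)
        for hit in hits:
            print("  ", hit)
```

Because the niscarea.com indicator is truncated on the page, the matcher keys network hits on hostnames rather than full URLs; exact-host comparison is what keeps a look-alike such as notniscarea.com from being reported, and the CONNECT case is split as host:port because urlparse would otherwise read the host as a URL scheme.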