From Kimsuky MSC attack samples to GrimResource
2024-09-14 • Aliyun
The source analyzes a Kimsuky MSC attack sample and explains how malicious Microsoft Management Console files can be abused for code execution and defense evasion. It references the GrimResource technique while noting that this sample uses a different attack approach from the original APDS-based method. The report includes sample hash evidence and focuses on MSC file structure and execution behavior relevant to Windows intrusion triage.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 57e9b7d1c18684a4e8b3688c454e832… | 2024-09-14 | 2024-11-22 |
| URL | https://petssecondchance.larcit… | 2024-09-14 | 2024-11-22 |
| URL | https://petssecondchance.larcit… | 2024-09-13 | 2024-11-22 |
| URL | https://petssecondchance.larcit… | 2024-09-13 | 2024-11-22 |
| URL | https://petssecondchance.larcit… | 2024-09-13 | 2024-11-22 |
| DOMAIN | petssecondchance.larcity.dev | 2024-09-13 | 2024-11-22 |
Related Reports
2024-09-13 • Sakai • 66% Match • Kimsuky malware presumed to be disguised as LootLabs, a game link shortening and monetization service: Twitch x Loot Lab Event-2025.msc (2024.9.9)