APT Attack Targeting Prominent Korean Law Firms
2025-01-23 • Logpresso • APT Attack Targeting Prominent Korean Law Firms
https://logpresso.com/ko/blog/2025-01-23-APT-attack-targeting-prominent-law-firms
Logpresso reports a Kimsuky-linked APT attack against prominent Korean law firms using a malicious Hangul document lure related to a defense industry digital innovation seminar. The document used password protection and OLE object execution to drop files into a temporary directory, then registered scheduled tasks that periodically downloaded and executed payload content from C2 infrastructure. The activity reflects DPRK espionage targeting legal-sector victims for reconnaissance and sensitive information collection.
Indicators of Compromise