Malware Created by Kimsuky - 민혜지2.jre (2024.7.24)
2024-08-07 • Sakai • Malware Created by Kimsuky - Min Hye-ji 2.jre (2024.7.24)
A Kimsuky-attributed malware analysis describes a JavaScript (JSE-style) sample named Min Hye-ji 2.jre and provides its MD5, SHA-1, and SHA-256 hashes. The reported execution chain uses WScript, hidden PowerShell, and certutil decoding to stage files under ProgramData before running additional commands. The behavior is relevant to defenders tracking North Korea-linked malware because it combines script execution, living-off-the-land tooling, obfuscation, and staged payload deployment, all of which can be hunted through process telemetry and file artifacts.
Indicators of Compromise