Malware created by Kimsuky disguised as a lifetime notice (종신안내장): 종신안내장v02_곽X환d.zip (2025.2.5)
2025-02-11 • Sakai • Kimsuky Malware Disguised as a Lifetime Membership Notice ZIP File
The source analyzes malware attributed to Kimsuky that was distributed as a ZIP archive masquerading as a lifetime membership notice. The archive evidence includes a SHA-256 hash and an encoded PowerShell-style command chain that retrieves files from Dropbox-hosted URLs, indicating a staged downloader flow rather than a benign document package. The report is useful for defenders tracking Kimsuky social-engineering lures, script-based execution, and cloud-storage abuse in malware delivery.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 079907b7feab3673a1767dbfbc0626e… | 2025-02-11 | 2025-02-13 |
| HASH | 40837012253331958723dda63fdfabff | 2025-02-11 | 2025-02-11 |
Related Reports
2025-02-13 • Securonix • Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
Shares tag: Kimsuky • Shares 1 IOC • Published within a week • 100% Match