PowerShell Malware Created by Kimsuky - 1.ps1 (tentative name, 2025.3.13)
2025-03-17 • Sakai
Kimsuky activity described in the source uses a PowerShell malware sample tracked as 1.ps1 to collect host, user, process, disk, and IP information into temporary files and stage the data for exfiltration. The report publishes hashes for the sample and shows a constructed command-and-control upload path impersonating Kakao account-related content, supporting detection of PowerShell-based reconnaissance and data theft tradecraft.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 85f5075610661c9706571a33548d7585 | 2025-03-17 | 2025-06-19 |
| IPv4 | 101.36.114.190 | 2025-03-17 | 2025-06-19 |
| HASH | 6ffb5106d912e582bde2c095365fa37… | 2025-03-17 | 2025-03-17 |
| HASH | bc36b9e8cf23dc0287f090a5c0bad3b… | 2025-03-17 | 2025-03-17 |