Attacker Profiling Using the Structure of Malicious Shortcut Files

2026-01-14 Plainbit Attacker Profiling Using the Structure of Malicious Shortcut Files

https://plainbit.co.kr/kr/insight/tech_hub?bgu=view&idx=68

Attachments

바로가기_악성파일의_구조를_활용한_공격자_프로파일링.pdf (7 MB)


Plainbit presents a research project on profiling attackers through structural data embedded in malicious Windows shortcut files rather than relying only on changeable IoCs. The work focuses on the recent rise of malicious LNK-based attacks, explains how shortcut files are created and abused, and tests whether structural identifiers inside samples can support correlation between attacks. Its DPRK-relevant portion examines structural characteristics found in malicious shortcut files associated with North Korea-backed attack groups. The value for defenders is a complementary intelligence method that may remain useful when actors rotate infrastructure, filenames, hashes, or other conventional indicators.
