Malicious MSC document disguised as content about "North Korea's new suicide drone"
2024-09-13 • Hauri • Malicious MSC document disguised as content about North Korean suicide drones
https://hauri.co.kr/security/issue_view.html?intSeq=456&page=1&article_num=338
The source documents a malicious MSC downloader using a decoy theme related to North Korean suicide drones. The report identifies the sample as Downloader.S.MSC.146707 and lists command-and-control style URLs on petssecondchance.larcity.dev that retrieve XML and VBS payload paths under public user folders. The evidence points to Windows MSC abuse for staged payload retrieval.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | https://petssecondchance.larcit… | 2024-09-13 | 2024-11-22 |
| URL | https://petssecondchance.larcit… | 2024-09-13 | 2024-11-22 |
| URL | https://petssecondchance.larcit… | 2024-09-13 | 2024-11-22 |
| DOMAIN | petssecondchance.larcity.dev | 2024-09-13 | 2024-11-22 |
| HASH | 755c0350038daefb29b888b6f8739e81 | 2024-09-13 | 2024-09-13 |
| URL | https://petssecondchance.larcit… | 2024-09-13 | 2024-09-13 |