Malware Impersonating Zoom Meeting, Created by North Korean APT Kimsuky - Zoom Meeting (2024.9.28)
2024-11-18 • Sakai • Malware Created by North Korean APT Kimsuky Disguised as a Zoom Meeting (2024.9.28)
The report analyzes Kimsuky malware that impersonates Zoom Meeting software. The sample uses an MSC-style execution approach and includes command-line behavior that downloads content into a temporary path, making the lure, file format, and command artifacts useful for endpoint hunting and user-awareness controls.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 342c285efb8798fcba80d695cafc9ae… | 2024-11-18 | 2024-11-18 |
| HASH | 6c701204ca4f75718798ebc4b3ed726f | 2024-11-18 | 2024-11-18 |
| HASH | ecb675f2570939d423595202abddf33… | 2024-11-18 | 2024-11-18 |
| URL | http://www.atlanwelt.de/modules… | 2024-11-18 | 2024-11-18 |
| URL | http://www.atlanwelt.de/modules… | 2024-11-18 | 2024-11-18 |
| URL | http://www.atlanwelt.de/modules… | 2024-11-18 | 2024-11-18 |
| DOMAIN | yydyy.com | 2024-11-18 | 2024-11-18 |
Related Reports
2024-09-13 • Sakai • Kimsuky malware believed to be disguised as LootLabs, a game link-shortening and monetization service - Twitch x Loot Lab Event-2025.msc (2024.9.9) • 80% Match