Distribution of Malware Disguised as Normal Document Files (Kimsuky Group)
2020-09-04 • Ahnlab • Malware Disguised as Normal Document Files Distributed by the Kimsuky Group
ASEC reports that Kimsuky activity used files masquerading as normal documents by appending document-related extensions such as DOCX, PDF, and TXT to executable malware. The malware dropped and opened decoy files, stole information from infected PCs, and attempted to download additional suspected backdoor DLL payloads from infrastructure resembling previously observed Kimsuky command-and-control patterns. The targeting context included South Korean government agencies and university professors.
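A defender-side check for the masquerading technique summarised above, files that carry a document extension such as DOCX, PDF or TXT but are actually executables. This is an added example for this page, not code from the ASEC report; the extension lists, the finding labels and the minimal PE stub used as sample input are constructed here.

```python
from __future__ import annotations
import struct
from pathlib import PurePath

# Extensions the report says were appended to executables to make them look like documents.
DOCUMENT_EXTS = {".docx", ".pdf", ".txt"}
# Windows executable extensions worth flagging when chained after a document extension (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}

def is_pe_image(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def extension_chain(filename: str) -> list[str]:
    """All suffixes of the name, lower-cased, e.g. 'a.docx.exe' -> ['.docx', '.exe']."""
    return [s.lower() for s in PurePath(filename).suffixes]

def assess_file(filename: str, data: bytes) -> list[str]:
    """Return finding labels for a file whose name claims a document but whose content or full name says executable."""
    findings: list[str] = []
    chain = extension_chain(filename)
    last = chain[-1] if chain else ""
    # Case 1: the visible extension is a document type, but the bytes are a PE image.
    if is_pe_image(data) and last in DOCUMENT_EXTS:
        findings.append("pe-image-with-document-extension")
    # Case 2: a document extension sits directly before a final executable extension (e.g. brief.pdf.exe).
    if len(chain) >= 2 and chain[-2] in DOCUMENT_EXTS and last in EXECUTABLE_EXTS:
        findings.append("document-extension-chained-before-executable-extension")
    return findings

def build_minimal_pe_stub() -> bytes:
    """Constructed sample: a bare MZ header pointing at a PE signature (not a runnable program)."""
    header = bytearray(0x84)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    header[0x80:0x84] = b"PE\0\0"
    return bytes(header)

SAMPLE_PE = build_minimal_pe_stub()
SAMPLE_PDF = b"%PDF-1.4\n% constructed decoy, not a real document\n"

if __name__ == "__main__":
    for name, data in [("meeting_notes.docx", SAMPLE_PE), ("brief.pdf.exe", SAMPLE_PE), ("brief.pdf", SAMPLE_PDF)]:
        print(name, assess_file(name, data) or ["no finding"])
```

The same check can be run over a download or mail-attachment quarantine folder by feeding each file's name and first few hundred bytes to `assess_file`.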
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | portable.epizy.com | 2020-09-04 | 2021-05-01 |
| URL | http://pingguo2.atwebpages.com/… | 2020-09-04 | 2020-09-04 |
| URL | http://portable.epizy.com/img/p… | 2020-09-04 | 2020-09-04 |
| URL | http://upgrad.atwebpages.com/im… | 2020-09-04 | 2020-09-04 |
| URL | http://pingguo2.atwebpages.com/… | 2020-09-04 | 2020-09-04 |
| DOMAIN | pingguo2.atwebpages.com | 2020-09-04 | 2020-09-04 |
| DOMAIN | upgrad.atwebpages.com | 2020-09-04 | 2020-09-04 |