APT-C-55（Kimsuky）组织利用GitHub作为载荷平台的攻击活动分析 - Qihoo360 | lazarus.day

APT-C-55（Kimsuky）组织利用GitHub作为载荷平台的攻击活动分析

2024-11-14 • Qihoo360 • Analysis of APT-C-55 Kimsuky Using GitHub as a Payload Platform •

https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247504218&idx=1&sn=47c3680b0c07f8e130630073914a3992

#APT-C-55 #LNK

Thumbnail for APT-C-55（Kimsuky）组织利用GitHub作为载荷平台的攻击活动分析

360's report attributes an activity cluster to APT-C-55, also known as Kimsuky, and describes the use of GitHub as a payload delivery platform. The campaign involved lure files and code with similarities to prior Kimsuky malware, raw GitHub-hosted payloads, information collection, command download behavior, and indicators suitable for network and host hunting.

Indicators of Compromise

Type	Value	First Seen	Last Seen
EMAIL	[email protected]…	2024-11-14	2024-11-14
DOMAIN	genyo.getenjoyment.net	2024-11-14	2024-11-14
DOMAIN	sportsontheweb.net	2022-01-25	2024-11-14

Related Actors

APT-C-55

Qihoo360

Kimsuky

First seen: Nov 2021

Last seen: May 2026

Related Reports

2026-05-13 • 70% Match

APT-C-55（Kimsuky）组织依托GitHub+Dropbox分发恶意载荷的攻击活动分析

Qihoo360

#APT-C-55 #LNK #AsyncRAT

Shares tags: APT-C-55, LNK • Same author: Qihoo360

2023-08-28 • 70% Match

APT-C-55（Kimsuky）组织使用韩文域名进行恶意活动

Qihoo360

#Kimsuky #APT-C-55 #LNK

Shares tags: APT-C-55, LNK • Same author: Qihoo360

2025-02-11 • 60% Match

2024年全球高级持续性威胁（APT）研究报告

Qihoo360

#Trend #APT-C-26 #APT-C-55

Shares tag: APT-C-55 • Same author: Qihoo360

2024-06-12 • 55% Match

APT-C-55（Kimsuky）组织在RandomQuery活动中投递开源RAT的攻击活动分析

Qihoo360

#APT-C-55 #RandomQuery #XenoRAT

Shares tag: APT-C-55 • Same author: Qihoo360

2026-01-30 • 50% Match

2025年全球高级持续性威胁（APT）研究报告

Qihoo360

#APT-C-26 #APT-C-55 #APT-C-28

Shares tag: APT-C-55 • Same author: Qihoo360

2025-07-08 • 50% Match

APT-C-55（Kimsuky）组织基于VMP强壳的HappyDoor后门攻击分析

Qihoo360

#APT-C-55 #HappyDoor

Shares tag: APT-C-55 • Same author: Qihoo360