Analysis of a VAT Final Return Payment Notice Phishing Email Suspected to Be from Kimsuky (김수키) (2025.1.20)
2025-01-30 • Sakai • Analysis of a Suspected Kimsuky VAT Payment Notice Phishing Email
The report analyzes a suspected Kimsuky phishing email that impersonates a Korean tax payment notice delivered through a Naver-style electronic document theme. The lure pressures users to open the notice before an authentication deadline while the sending details reveal abnormal foreign infrastructure. The case is relevant to credential-theft detection and user awareness in South Korea, especially for finance or tax-themed email lures abusing trusted portal branding.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | internet.ru | 2024-12-02 | 2026-04-17 |
| HASH | 894fb3ac5b9e18e3207b1b73de5b395b | 2025-01-30 | 2025-01-30 |
| EMAIL | [email protected] | 2025-01-30 | 2025-01-30 |
| URL | http://authurize.niduser.info.d… | 2025-01-30 | 2025-01-30 |
| DOMAIN | authurize.niduser.info.dns.clou… | 2025-01-30 | 2025-01-30 |
| DOMAIN | send149.i.mail.ru | 2025-01-30 | 2025-01-30 |
| IPv4 | 89.221.237.244 | 2025-01-30 | 2025-01-30 |
| IPv4 | 118.193.68.90 | 2025-01-30 | 2025-01-30 |