Kimsuky Distributing CHM Malware Under Various Subjects

2023-06-21 Ahnlab

https://asec.ahnlab.com/en/54678/


While the Kimsuky group has often used document files for malware distribution, there have been many recent cases where CHM files were used instead. Recently, there has been an increase in malware distribution that uses personal information to target particular users. It seems that the threat actor checks the stolen user information and uploads additional malicious files to the C2 only when the system is a target of attack. AhnLab Security Emergency Response Center (ASEC) has continuously been tracking the Kimsuky group's APT attacks.

Indicators of Compromise

