Kimsuky: DNS Intel Gathering
2024-01-08 • Whoisxmlapi
https://main.whoisxmlapi.com/threat-reports/kimsuky-dns-intel-gathering
WhoisXML API examined a Kimsuky campaign using 13 AhnLab-published IOCs as pivots for DNS expansion. The source says Kimsuky shifted from its usual HWP or Microsoft Word spearphishing attachments toward compressed files and malicious links. The infrastructure analysis identified 702 connected artifacts through DNS intelligence, giving defenders more domains and related records to investigate beyond the original IOC set. Marketing text and unrelated WailingCrab or Atomic Stealer material on the same page are not part of the Kimsuky finding.
Related Reports
2024-02-07
80% Match
Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer
S2W
Shares tag: Kimsuky • Published within a month