North Korean APT Kimsuky aka Black Banshee – Active IOCs
2025-03-17 • Rewterz
https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-43
Rewterz summarizes Kimsuky, also known as Black Banshee, as a North Korean APT active since at least 2012 and focused on espionage against targets including South Korea, Japan, and the United States. The advisory lists common tradecraft such as phishing, malware infections, supply chain compromise, lateral movement, and data exfiltration, then highlights Android malware activity from 2022 involving FastFire, FastViewer, and FastSpy with Firebase-based C2 and Androspy-derived code. It also references ReconShark as a BabyShark evolution used for reconnaissance and information theft in later cyberespionage activity. The IOC section provides representative hashes and URLs for blocking and hunting, but the main value is the consolidated Kimsuky mobile and reconnaissance malware context.
Indicators of Compromise