Phishing Emails Distributing Malware Disguised as Secure Drive Authentication

2026-01-20, Hauri malware analysis report

https://hauri.co.kr/security/security_view.html?intSeq=84&page=1&keyfield=&key=

Attachments

2026-01-20상세분석보고서SecureDrive인증으로위장한악성코드_C00kPnt.pdf (958 KB)


Hauri describes a phishing campaign whose emails impersonate a Secure Drive authentication process and abuse the identity of a high-ranking public official to lure recipients into manually running the attached malware. Delivery depends on social engineering rather than a fully automated exploit chain: the sample uses obfuscation, evasion of security appliances, and techniques to bypass local execution controls. Once run, it attempts to download and execute additional payloads from command-and-control infrastructure; the second-stage payload was no longer available when Hauri analyzed the sample. The C2 infrastructure showed signs of long-running use against multiple targets, which makes the campaign relevant to defenders tracking Korean-language phishing and trust-based malware delivery.


Related Reports

2026-01-13 (80% match; shares the Kimsuky tag, published within a week). Tags:
#Kimsuky #T1102.002 #T1059.003 #T1567.002 #T1070.004 #T1587.001 #T1041 #T1608.001 #T1071.001 #T1112 #T1056.001 #T1059.006 #T1204.001 #T1059.007 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1059.005 #T1583.006 #T1566.001 #T1585.002 #T1053.005 #T1598.003 #T1583.001 #T1059.001 #T1036.005 #T1566 #T1585.001 #T1656 #T1205 #T1105 #T1055 #T1553.002 #T1620 #T1102.001 #T1027.002 #T1133 #T1190 #T1593 #T1588.002 #T1657 #T1055.012 #T1587 #T1078.003 #T1071.002 #T1562.004 #T1550.002 #T1111 #T1071.003 #T1591 #T1003.001 #T1218.011 #T1585 #T1593.002 #T1598 #T1583 #T1586.002 #T1588.005 #T1583.004 #T1036.004 #T1588.003 #T1589.003 #T1594 #T1218.010 #T1557 #T1219.002 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1596