PULSE NAME
Kimsuky Phishing Operations
WHITE Kimsuky AlienVault 2020-09-29 Modified: 2020-10-29
90 IOCs
HIGH VOLUME
TC has identified infrastructure most likely associated with a targeted phishing attack, as part of our research into North Korea’s Kimsuky group, which we suspect could be targeting victims for espionage purposes.
Indicators of Compromise (4 / 90 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 9f5edb6d8a230c06512464fe84db0056 MD5 of a7461e60ae7297c20e1af5f83c42e34da2602b91 2020-09-29
FileHash-MD5 e890504a4903cf8e8731bbda32b41843 MD5 of 3e621ef83f474ee62a840f10d4a3f5877d9ee09e 2020-09-29
FileHash-MD5 99c0c8c8fdc87fd91aaad82062f62a9c MD5 of 6519616b2ea5d2295241dc60b1aabc0766339364 2020-09-29
FileHash-MD5 47a7fc69d364a66e6f6a50bcf93ed62d MD5 of 6a486084d9181d7e8ef00f60164b7aa6719eb146 2020-09-29