← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Kimsuky group appears to be exploiting OneNote like the cybercrime group
WHITE santravault1 2023-03-23 Modified: 2023-04-22
7
IOCs
LOW VOLUME
kimsukydownloadbabysharkredlinekimsuky grouponenotevbs scriptonenote filevbs fileinstitutepeacedemocracyhwp files2w blogvirustotalqakbotredline stealerasyncrat
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Redline Babyshark Download Kimsuky
Indicators of Compromise (7)
All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
URL https://s2w.inc 2023-03-23
FileHash-MD5 aa756b20170aa0869d6f5d5b5f1b7c37 2023-03-23
FileHash-MD5 f2a0e92b80928830704a00c91df87644 2023-03-23
FileHash-SHA1 371d2c65283178192fa982671f2418c007182f3f SHA1 of aa756b20170aa0869d6f5d5b5f1b7c37 2023-03-23
FileHash-SHA1 d1836aa050ec09b5c86ce4c0e14e0115a6a6510a SHA1 of f2a0e92b80928830704a00c91df87644 2023-03-23
FileHash-SHA256 1334ef6ae02e3d0581f3ac177aec7660628e26f764ee7064d3758fc4a34e8475 SHA256 of aa756b20170aa0869d6f5d5b5f1b7c37 2023-03-23
FileHash-SHA256 29e17b37a49218c644b8c7dcd981716be8c561704eab98f829cd1b97bb9e6f4d SHA256 of f2a0e92b80928830704a00c91df87644 2023-03-23
References (1)
↗ https://malware.news/t/kimsuky-group-appears-to-be-exploiting-onenote-like-the-cybercrime-group/67959