Pulse: Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign - SentinelOne
TLP: WHITE | Adversary: Kimsuky | Author: tr2222200 | Created: 2023-05-11 | Modified: 2023-05-11
45 IOCs (medium volume)
SentinelLabs has observed ongoing attacks from North Korean state-sponsored cyber-espionage group Kimsuky, and has identified a new component of the malware that has evolved into an expanded reconnaissance capability.
MITRE ATT&CK & Malware Families
ATT&CK techniques: (none listed in the pulse)
Malware families: BabyShark, Kimsuky, ReconShark
Indicators of Compromise (45)
TYPE INDICATOR CREATED (the pulse supplies no per-indicator descriptions)
URL https://mitmail.tech/gorgon/ca.php?na=dot_kasp.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=dot_kasp.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=dot_avg.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=dot_esen.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=dot_esen.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=dot_v3.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=dot_v3.gif 2023-05-11
URL https://rfa.ink/bio/d.php?na=battmp 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=vbs.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=vbs.gif 2023-05-11
URL https://rfa.ink/bio/d.php?na=vbtmp 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=start0.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=start0.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=vbs_esen.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=vbs_esen.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=start1.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=start1.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=videop.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=videop.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=start3.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=start3.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=start4.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=start4.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=start2.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=start2.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=video.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=video.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=dot_eset.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=dot_eset.gif 2023-05-11
URL https://newshare.online/lee/ca.php?na=secur32.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=secur32.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=secur32.gif 2023-05-11
URL https://mitmail.tech/gorgon/ca.php?na=reg.gif 2023-05-11
URL https://rfa.ink/bio/ca.php?na=reg.gif 2023-05-11
URL https://mitmail.tech/gorgon/t1.hta 2023-05-11
URL https://rfa.ink/bio/t1.hta 2023-05-11
URL https://mitmail.tech/gorgon/r.php 2023-05-11
URL https://rfa.ink/bio/r.php 2023-05-11
domain yonsei.lol 2023-05-11
FileHash-SHA1 86a025e282495584eabece67e4e2a43dca28e505 2023-05-11
FileHash-SHA1 c8f54cb73c240a1904030eb36bb2baa7db6aeb01 2023-05-11
domain com-change.info 2023-05-11
domain mainchksrh.com 2023-05-11
domain mitmail.tech 2023-05-11
domain newshare.online 2023-05-11
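The list above is only useful once it is matched against telemetry. The following is an added example (not SentinelLabs' or OTX's tooling, and not part of the pulse) that loads the domains and SHA-1 hashes from this table and scans a constructed proxy log and a constructed file-hash inventory. Beyond the exact indicators, it also flags requests that merely have the same shape as the URL IOCs (a `ca.php`, `d.php`, `r.php` or `t1.hta` script with an `na=` value named like the fake `.gif` and `…tmp` artifacts listed here); that pattern match is an assumption about how the same server-side kit would look on infrastructure not in this pulse, so it is reported separately and at lower confidence. The log format (timestamp, client IP, method, URL, status) and all sample lines are invented for the example.

```python
"""Match the Kimsuky/ReconShark indicators from this pulse against a proxy
log and a file-hash inventory.  Added example; not the pulse's own tooling.
All log lines and the hash inventory used below are constructed."""
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Domains and SHA-1 hashes copied verbatim from the pulse's IOC table.
DOMAINS = {
    "mitmail.tech", "rfa.ink", "newshare.online",
    "yonsei.lol", "com-change.info", "mainchksrh.com",
}
SHA1S = {
    "86a025e282495584eabece67e4e2a43dca28e505",
    "c8f54cb73c240a1904030eb36bb2baa7db6aeb01",
}

# Heuristic (assumption, not from the pulse): the server-side scripts and
# "na=" values seen in the URL IOCs, used to spot the same kit on hosts that
# are not yet listed.  dot_*.gif / vbs*.gif / startN.gif / video(p).gif /
# secur32.gif / reg.gif are the fake .gif names; battmp / vbtmp are the
# staging names fetched from d.php.
PATH_RE = re.compile(r"/(ca\.php|d\.php|r\.php|t1\.hta)$")
NA_RE = re.compile(
    r"^(dot_\w+|vbs\w*|start\d|videop?|secur32|reg)\.gif$|^\w+tmp$"
)


def classify_url(url: str) -> Optional[str]:
    """'exact' if the host is (or is under) a pulse domain, 'pattern' if
    only the beaconing shape matches, None otherwise."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in DOMAINS or any(host.endswith("." + d) for d in DOMAINS):
        return "exact"
    na = parse_qs(parts.query).get("na", [""])[0]
    if PATH_RE.search(parts.path) and NA_RE.match(na):
        return "pattern"
    return None


# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
LOG_LINES = [
    "2023-05-11T09:14:02Z 10.0.3.17 GET https://mitmail.tech/gorgon/ca.php?na=dot_kasp.gif 200",
    "2023-05-11T09:14:05Z 10.0.3.17 GET https://rfa.ink/bio/d.php?na=vbtmp 200",
    "2023-05-11T09:15:40Z 10.0.3.22 GET https://cdn.example.com/img/logo.gif 200",
    "2023-05-11T09:16:01Z 10.0.3.40 GET https://203.0.113.9/upload/ca.php?na=start2.gif 200",
    "2023-05-11T09:17:12Z 10.0.3.40 GET https://www.example.org/ca.php?na=logo.gif 404",
]


def scan_proxy_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, url, verdict) for every matching request."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, _method, url, _status = fields[:5]
        verdict = classify_url(url)
        if verdict:
            hits.append((ts, client, url, verdict))
    return hits


def scan_hashes(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """inventory yields (path, sha1_hex); case of the hex digits is ignored."""
    return [(path, h) for path, h in inventory if h.lower() in SHA1S]


if __name__ == "__main__":
    for ts, client, url, verdict in scan_proxy_log(LOG_LINES):
        print(f"{verdict:8} {ts} {client} {url}")
    # Constructed inventory: one hash from the pulse (upper-cased) and one benign.
    sample_inventory = [
        ("C:\\Users\\u\\AppData\\Local\\Temp\\a.bin",
         "86A025E282495584EABECE67E4E2A43DCA28E505"),
        ("C:\\Windows\\notepad.exe", "0" * 40),
    ]
    for path, h in scan_hashes(sample_inventory):
        print(f"hash     {path} {h}")
```

Treat `exact` hits as a confirmed contact with pulse infrastructure and `pattern` hits as a lead to pivot on (the contacting host's other requests, the response body, any `.hta` or VBScript dropped around the same time). The domain check also matches subdomains, since the pulse lists bare domains while the URL IOCs show paths under them; if your proxy logs only the host, drop the path and `na=` checks and keep the domain set.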