PULSE NAME
Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit
WHITE Kimusky AlienVault 2023-05-23 Modified: 2023-05-24
22 IOCs, MEDIUM VOLUME
North Korean APT group focuses on file reconnaissance and information exfiltration with the latest variant of RandomQuery malware.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RandomQuery
Indicators of Compromise (22)