PULSE NAME
Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit - SentinelOne
WHITE Kimsuky CyberHunter_NL 2023-05-30 Modified: 2023-05-30
38 IOCs
MEDIUM VOLUME
Information services focused on North Korea, along with human rights activists and defectors connected to North Korea, are the targets of an ongoing campaign by a suspected North Korean advanced persistent threat group, according to SentinelLabs.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
VBScript RandomQuery RandomQuery Kimsuky
Indicators of Compromise (5 / 38 total)