Pulse Detail — Threat Intelligence

PULSE NAME

Foreign interview referral impersonation Kim Suki attack found

WHITE Armature_TIP 2025-02-14 Modified: 2025-03-16

IOCs

MEDIUM VOLUME

Security Center (SC) has released an analysis of the Kimsuky cyber-attack using HWP and MSC malware, which it says was carried out by a group of Russian hackers, using malware designed to steal sensitive data.

Indicators of Compromise (25)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	1cfef99f68b749d81736397e652c3d87	—	2025-02-14
FileHash-MD5	5eae3d3b9aeeb0a4186ad3b68ff2da59	—	2025-02-14
FileHash-MD5	9eb0b3e2f61ef255ef51ace86381a258	—	2025-02-14
FileHash-MD5	cb82751ae9f84709268fd5e5b135b74e	—	2025-02-14
FileHash-SHA1	fc8d5e3ffc56198118b1d5155c9116a242008809	SHA1 of 5eae3d3b9aeeb0a4186ad3b68ff2da59	2025-02-14
FileHash-SHA256	f0aa5a27ea01362dce9ced3685961d599e1c9203eef171b76c855a3db41f1ec6	SHA256 of 5eae3d3b9aeeb0a4186ad3b68ff2da59	2025-02-14
URL	http://brandwizer.co.in/green_pad/wp-content/plugins/custom-post-type-maker/essay/	—	2025-02-14
URL	http://joongang.site/pprb/sec/	—	2025-02-14
URL	http://orientedworld.com/wp-content/plugins/health-check/pages/gorgon1/d.php?na=battmp	—	2025-02-14
URL	http://orientedworld.com/wp-content/plugins/health-check/pages/reuters/d.php?na=battmp	—	2025-02-14
URL	http://rfa.ink/bio/	—	2025-02-14
URL	http://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/Seh-Lynn/d.php?na=battmp	—	2025-02-14
URL	http://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/interview/	—	2025-02-14
URL	https://orientedworld.com/wp-content/plugins/health-check/pages/reuters/d.php?na=battmp	—	2025-02-14
URL	https://orientedworld.com/wp-content/plugins/health-check/pages/reuters/share	—	2025-02-14
URL	https://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/Seh-Lynn/d.php?na=battmp	—	2025-02-14
URL	https://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/Seh-Lynn/share	—	2025-02-14
URL	https://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/interview/d.php?na=battmp	—	2025-02-14
URL	https://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/interview/view.php?do=	—	2025-02-14
domain	brandwizer.co.in	—	2025-02-14
domain	joongang.site	—	2025-02-14
domain	orientedworld.com	—	2025-02-14
domain	profilepimpz.com	—	2025-02-14
email	tac@genians.com	—	2025-02-14
hostname	temp.demetradesign.it	—	2025-02-14

References (1)

↗ https://www.genians.co.kr/blog/threat_intelligence/interview