IOC - Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group)
AhnLab Security intelligence Center (ASEC) recently identified a change in the Kimsuky group’s method of distributing malicious LNK files. The overall attack flow remains the same as before, with a malicious LNK ultimately executing a Python-based backdoor or downloader. However, a structural change was observed in the intermediate execution phase.
Indicators of Compromise (9)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| FileHash-MD5 | 059bb6c439ffedc61d9168c23552202c | — | 2026-04-03 |
| FileHash-MD5 | 0633d5f93a5f08a909c039a3f7e90830 | — | 2026-04-03 |
| FileHash-MD5 | 063faa06c63e4091ff8df4acffeb10be | — | 2026-04-03 |
| FileHash-MD5 | 130ce31e1fe7c0aa5fae32d96afff4c6 | — | 2026-04-03 |
| FileHash-MD5 | 2052261efb1e9d486997fc1795d7d489 | — | 2026-04-03 |
| domain | qugesr.online | — | 2026-04-03 |
| domain | racswera.online | — | 2026-04-03 |
| domain | whaincloud.store | — | 2026-04-03 |
| domain | zoommet.site | — | 2026-04-03 |