June 7, 2021
Severity
High
Analysis Summary
Kimsuky is believed to be a North Korea-based threat group that has been operating since the latter half of 2013, with many campaigns attributed to it. The group is also known by other names, including Velvet Chollima and Black Banshee. Kimsuky employs common social engineering tactics, spearphishing, and watering hole attacks to exfiltrate the information it is after from victims. Kimsuky usually conducts its intelligence collection activities against individuals and organizations in South Korea, Japan, and the United States, focusing on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions.
Impact
- Information theft and espionage
Indicators of Compromise
Filename
- 사례비지급 의뢰서(양식)[.]doc (Compensation payment request form (form)[.]doc)
MD5
- 95c92bcfc39ceafc1735f190a575c60c
SHA-256
- 811b42bb169f02d1b0b3527e2ca6c00630bebd676b235cd4e391e9e595f9dfa8
SHA-1
- a3cda1db25d43e27061827255e0b192a9c714f7e
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
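A defender-side way to carry out the second remediation step, as an added example that is not part of the Rewterz advisory: the script below walks a directory tree, hashes every file, and reports any file whose MD5, SHA-1 or SHA-256 matches the indicators listed above or whose name matches the advisory's filename (with the "[.]" defanging reversed). The demo directory it builds when run without arguments is constructed for illustration and contains no real sample.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Hash indicators published in the advisory above, keyed by algorithm.
KIMSUKY_HASHES = {
    "md5": {"95c92bcfc39ceafc1735f190a575c60c"},
    "sha1": {"a3cda1db25d43e27061827255e0b192a9c714f7e"},
    "sha256": {"811b42bb169f02d1b0b3527e2ca6c00630bebd676b235cd4e391e9e595f9dfa8"},
}
# Filename indicator from the advisory with the "[.]" defanging reversed.
KIMSUKY_FILENAMES = {"사례비지급 의뢰서(양식).doc"}


def file_hashes(path):
    """Return lower-case MD5/SHA-1/SHA-256 hex digests of a file, read in 1 MiB chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def scan_tree(root, hashes=KIMSUKY_HASHES, filenames=KIMSUKY_FILENAMES):
    """Walk root recursively; return (path, indicator_type) for every file matching an IOC."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        if p.name in filenames:
            hits.append((str(p), "filename"))
        for algo, digest in file_hashes(p).items():
            if digest in hashes.get(algo, ()):
                hits.append((str(p), algo))
    return hits


def build_demo_dir():
    """Constructed sample tree (no real malware): one benign empty file and one file that
    carries only the advisory's filename, so the filename rule fires but no hash rule does."""
    root = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    (root / "notes.txt").write_bytes(b"")
    (root / "inbox").mkdir()
    (root / "inbox" / "사례비지급 의뢰서(양식).doc").write_bytes(b"constructed placeholder")
    return root


if __name__ == "__main__":
    for path, why in scan_tree(sys.argv[1] if len(sys.argv) > 1 else build_demo_dir()):
        print(f"IOC match ({why}): {path}")
```

Run it with a directory path as the first argument to scan a real share or mailbox export; a hit on any hash algorithm is a much stronger signal than a filename match alone, since filenames are trivially changed.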