Analysis of Kimsuky group using Dropbox for operations [Monday, February 05, 2024]

Description:
A recent campaign by the North Korea-linked threat actor Kimsuky distributed malicious LNK files posing as PDFs to download payloads. The payloads used Dropbox APIs and the Tutclient RAT to collect information. Kimsuky campaigns increasingly use cloud services and living-off-the-land tactics.

Published: 2024-02-05 17:11:52
Created: 2024-02-05 17:11:52
Modified: 2024-02-05 17:41:01

Tags

Indicators

IPv4s: none listed
URLs: none listed
Domains: none listed
Malwares:
  • Tutclient
  • Xeno RAT
Hashes:
  • e1f7cb002b25f60f71d551df45eef5f8f05194ce181795ccb799176443e08d51
  • 0a5151c9878b592a202c07e7c02ed46bbd4135341b3d416600a03da529976b54
  • 89cad9a57985cc0ab3b7403a943ad0aa7b167dc7a3c38557417fedea67a77b87
  • a30f649b85bbec3809dbb6f485c518178236319ebf3b8ba9ec07d6dcb2ac289b
  • befa4094eb7ceb31be76ec98b11353b296b57476fe1b69db916e02bc8efce7d7
  • 06a96540907451d1a9fafba4b6d8be487947c886e64a3b376b9f24f7ab0eb0e0
  • 286e7a4cff62d3312db91bd00c0d98c37154c1e2c0c4a3ac1b439e4905004087
  • 8ad91023d327366fa85bc9a03adb38c23f406b309cfc8e4f7256ed075be3d48d
  • 1426269940ef6036941ccfbf68b0b65259bc72918f30481465a11d8b97250f07
  • 53cd8c8f3f12fe38b20a21c2357cab311773f4d6c717393e081dd8e1898fd0d9
  • 617a4a83e7fb10a4a9ef993cdfe4d83946f0d71d50c8cbd418513d9d40e7df74
  • 46a5d54c264152ce915792af31c75824a558af7d7340d78b34e146d8c6249e79
  • a53caf4805a1b9c0b7fca4e2e3e21fb070bd0807a5e8cfb75c60c38c3c6bab05
Intrusion set:
  • Kimsuky
MITRE ATT&CK Techniques: none listed
Other observables:
  • Media
  • Finance
  • Government

External References


About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
