{
  "name": "Inside Kimsuky\u2019s Latest Cyberattack: Analyzing Malicious Scripts and Payloads",
  "slug": "inside-kimsukys-latest-cyberattack-analyzing-malicious-scripts-and-payloads",
  "description": "Kimsuky, also known as \u201cBlack Banshee,\u201d a North Korean APT group active at least from 2012, is believed to be state-sponsored. Their cyber espionage targets countries like South Korea, Japan, and the U.S. Their tactics include phishing, malware infections (RATs, backdoors, wiper malware), supply chain attacks, lateral movement within networks and data exfiltration.",
  "published": "2025-03-27T20:47:08+00:00",
  "created_at": "2025-03-27T20:47:08+00:00",
  "modified_at": "2025-03-27T20:54:46+00:00",
  "created_at_opencti": "2025-03-27T20:47:08+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-03-27",
    "64677cae14a2ec4d393a81548417b61b",
    "apt group",
    "black banshee",
    "c2 command",
    "chrome",
    "edge",
    "file",
    "firefox",
    "kimsuky",
    "naver whale",
    "rats",
    "zip file"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:b26e475c74d8eb2d",
        "name": "64677CAE14A2EC4D393A81548417B61B",
        "slug": "64677cae14a2ec4d393a81548417b61b"
      }
    ],
    "intrusion_sets": [
      {
        "id": "294d962a-b24e-446b-8e2d-3706cb1316b3",
        "name": "Kimsuky",
        "slug": "kimsuky"
      }
    ],
    "attack_patterns": [
      {
        "id": "2f07e892-0128-454b-9413-803505e67b48",
        "name": "T1030"
      },
      {
        "id": "d5c953ff-b143-41b6-bf2d-87b829132ea5",
        "name": "T1135"
      },
      {
        "id": "41af8283-2fa5-469e-9c29-e8ad77b4f224",
        "name": "T1014"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "53b3b18c-d0d0-4bf6-bc6b-2c0ab9180deb",
        "name": "T1070"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "31d29704-da1c-47ea-b93f-76d368813bdf",
        "name": "T1560"
      },
      {
        "id": "0b2b1ecd-d52e-492a-af08-050954bc03e5",
        "name": "T1056"
      },
      {
        "id": "358e04b8-6f65-48b2-a24b-f101bfc6671a",
        "name": "T1195"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Korea, Republic of"
      },
      {
        "id": "",
        "name": "Japan"
      },
      {
        "id": "",
        "name": "United States of America"
      }
    ]
  },
  "external_refs": [
    "https://labs.k7computing.com/index.php/inside-kimsukys-latest-cyberattack-analyzing-malicious-scripts-and-payloads/",
    "https://otx.alienvault.com/pulse/67e5c75c2569365ec3ecae21"
  ]
}