Kimsuky

Kimsuky Velvet Chollima 2012 North Korea APT. Shadows of BlackwoodHotel.pdf.lnk hotel spy lure. South Korean academia/government.

Threat Profile
Type Backdoor
Programming Language PowerShell/VBScript
C2 Protocol HTTP
First Seen 2014
Targets South Korea/NATO
Purpose / Capabilities
  • Espionage+Backdoor

C2 Servers 1

Address Port Protocol Status Action
hex.su 443 HTTPS INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (3)

High

Kimsuky APT -- Shadows of BlackwoodHotel.pdf.lnk Double Extension, Hotel Espionage-Themed Lure | High

Kimsuky APT 94KB Shadows of BlackwoodHotel.pdf.lnk double-extension LNK. Dark Hotel APT group hotel spy theme.

Critical

Kimsuky APT -- Shadows of BlackwoodHotel.pdf.lnk LNK Double Extension, PS String Concat Anti-VM | Critical

Kimsuky 94KB Shadows of BlackwoodHotel.pdf.lnk lure LNK. PowerShell vmxnet string concat. hex.Su .su TLD.

Critical

Kimsuky -- Shadows_BlackwoodHotel.pdf.lnk, PS vmxnet VM Detection, hex.Su C2, North Korea APT | Critical

Kimsuky PDF.LNK North Korea APT. vmxnet PowerShell VM detection. hex.Su C2. Fictional novel lure.
