Kimsuky
Kimsuky Velvet Chollima 2012 North Korea APT. Shadows of BlackwoodHotel.pdf.lnk hotel spy lure. South Korean academia/government.
Threat Profile
Type: Backdoor
Programming Language: PowerShell/VBScript
C2 Protocol: HTTP
First Seen: 2014
Targets
South Korea/NATO
Purpose / Capabilities
- Espionage+Backdoor
C2 Servers (1)
| Address | Port | Protocol | Status | Action |
|---|---|---|---|---|
| hex.su | 443 | HTTPS | INACTIVE | |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (3)
Kimsuky APT -- Shadows of BlackwoodHotel.pdf.lnk Double Extension, Hotel Espionage-Themed Lure | High
Kimsuky APT 94KB Shadows of BlackwoodHotel.pdf.lnk double-extension LNK. Dark Hotel APT group hotel spy theme.
Read Report →
Kimsuky APT -- Shadows of BlackwoodHotel.pdf.lnk LNK Double Extension, PS String Concat Anti-VM | Critical
Kimsuky 94KB Shadows of BlackwoodHotel.pdf.lnk lure LNK. PowerShell vmxnet string concat. hex.Su .su TLD.
Read Report →
Kimsuky -- Shadows_BlackwoodHotel.pdf.lnk, PS vmxnet VM Detection, hex.Su C2, North Korea APT | Critical
Kimsuky PDF.LNK North Korea APT. vmxnet PowerShell VM detection. hex.Su C2. Fictional novel lure.
Read Report →