Rewterz Threat Alert – Kimsuky APT group – IOCs

Severity

High

Analysis Summary

Kimsuky is believed to be a North Korea-based threat group that has been operating since the latter half of 2013, with many campaigns attributed to it. The group is also known by other names, including Velvet Chollima and Black Banshee. In this campaign the group uses the filename autoupdate.dll to lure users into downloading the malicious file, which installs the malicious DLL to gain access to the victim's system.


This particular lure document concerns the South Korea-U.S. summit held at the White House on May 21. It plays on users' interest in developments within the region, including the sanctions and measures put in place by the US toward North Korea and for the stability of the region. Campaigns of this type are commonly run by threat actors to gain some form of advantage over their rivals by keeping targets engaged with developments between the US, South Korea and North Korea.

Impact

  • Information theft and espionage

Indicators of Compromise

Filename

한미 정상회담(5[.]21) 참고 자료 (수정본)[.]pif

MD5

  • b567f7aac1574b2ba3a769702d2f6a1e

SHA-256

  • 679a17688cde5d57c4662df12ab134f64931497b87dfffd1cd87fd38ca2feeff

SHA-1

  • a2d722b2efdea91033037cf5dd5aed8730a010bd

Remediation

  • Block all threat indicators at their respective controls.
  • Look for IOCs in your environment.
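A triage helper for the remediation steps above, added here as an example and not Rewterz's own tooling: it re-fangs the published lure filename, streams MD5, SHA-1 and SHA-256 over every file under a directory, and reports any file whose name or digest matches the indicators on this page. The directory path and the sample files used in the usage block are constructed for illustration; the hash sets and filename are the ones published above.

```python
import hashlib
import os
import sys
import tempfile
import unicodedata

# Indicators as published on this page. The filename is shown defanged with
# "[.]", so it is re-fanged and Unicode-normalised (NFC) before comparison.
IOC_FILENAME = unicodedata.normalize(
    "NFC", "한미 정상회담(5[.]21) 참고 자료 (수정본)[.]pif".replace("[.]", ".")
)
IOC_HASHES = {
    "md5": {"b567f7aac1574b2ba3a769702d2f6a1e"},
    "sha1": {"a2d722b2efdea91033037cf5dd5aed8730a010bd"},
    "sha256": {"679a17688cde5d57c4662df12ab134f64931497b87dfffd1cd87fd38ca2feeff"},
}


def hash_file(path, chunk_size=1 << 20):
    """Return lowercase MD5/SHA-1/SHA-256 hex digests of a file, read in chunks."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def check_file(path, hashes=IOC_HASHES, filename=IOC_FILENAME):
    """Return a list of (indicator_type, value) pairs that match for one file."""
    matches = []
    name = unicodedata.normalize("NFC", os.path.basename(path))
    if name == filename:
        matches.append(("filename", name))
    for algo, value in hash_file(path).items():
        if value in hashes.get(algo, ()):
            matches.append((algo, value))
    return matches


def scan_tree(root, hashes=IOC_HASHES, filename=IOC_FILENAME):
    """Walk a directory tree; return {path: matches} for files that hit an IOC."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                matches = check_file(path, hashes, filename)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if matches:
                hits[path] = matches
    return hits


if __name__ == "__main__":
    # Usage: python scan_iocs.py <directory>. Without an argument, a constructed
    # temp directory holding a benign file with the lure's name is scanned so
    # the filename indicator can be exercised safely.
    if len(sys.argv) > 1:
        root = sys.argv[1]
    else:
        root = tempfile.mkdtemp(prefix="ioc_demo_")
        with open(os.path.join(root, IOC_FILENAME), "wb") as fh:
            fh.write(b"constructed benign sample, not the real lure")
    for path, matches in scan_tree(root).items():
        print(path)
        for kind, value in matches:
            print(f"  {kind}: {value}")
```

Hash matching is exact, so a repacked or recompiled sample will not hit; treat the digests as high-confidence confirmation and the filename match as a prompt for further review of the host.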