Threat Feed

Tag

Kimsuky

4 briefs
medium threat

Kimsuky APT Domains and URLs from Maltrail Feed

This brief summarizes newly published IOCs consisting of domains and URLs associated with the Kimsuky APT group as of June 2nd, 2026, sourced from a Maltrail feed.

Kimsuky +4 apt ioc malware
2r 2t 50i
medium threat

Maltrail IOCs for APT Kimsuky, Lummac2, MagentoCore, and FakeApp Campaigns

This brief summarizes indicators of compromise (IOCs) from a Maltrail feed update on 2026-05-20, detailing network activity associated with APT Kimsuky, Lummac2, MagentoCore, and FakeApp campaigns, providing actionable intelligence for detection and response.

APT Kimsuky ioc apt network_activity kimsuky lummac2 magentocore fakeapp
3r 1t 50i
high threat

Kimsuky Targets Organizations with Evolving PebbleDash-Based Tools

Kimsuky, a North Korean APT group, is actively targeting organizations, primarily in South Korea, with evolving tactics and tools, leveraging spear-phishing emails and messenger contacts to deploy malware such as PebbleDash and AppleSeed for establishing backdoors and stealing information.

VSCode +2 Kimsuky +4 apt spear-phishing malware pebbledash appleseed
2r 4t 5i
high threat

Kimsuky Malware Using Dropbox API for Command and Control

Kimsuky is using malware that leverages the Dropbox API for command and control, enabling file exfiltration and remote code execution.

Kimsuky +4 dropbox api command-and-control exfiltration
2r 2t