The DPRK Kimsuky APT group used the BabyShark trojan to connect to its C2 server via a revoked TLS certificate.

2025. 05. 09.
OSINT 협회
OSINT 정보
The DPRK Kimsuky APT group used the BabyShark trojan to connect to its C2 server via a revoked TLS certificate. sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede(RemoteControl.dll) C2) hxxps://first.pokerstarus.kro[.]kr https://x.com/SecAI_AI/status/1920129746244981095
The DPRK Kimsuky APT group used the BabyShark trojan to connect to its C2 server via a revoked TLS certificate. sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede(RemoteControl.dll) C2) hxxps://first.pokerstarus.kro[.]kr https://x.com/SecAI_AI/status/1920129746244981095
게시일: 2025. 05. 09.
출처: OSINT 협회 Facebook
원본 Facebook 게시물 보기 →
이전

Earth Kasha, an APT group linked to APT10(China Threat Actor), expands its target to government agencies and public institutions in Taiwan and Japan.

다음

DPRK #Kimsuky IOC