Friday, October 11, 2024

North Korean Threat Group ‘Kimsuky’ Exploits ‘TrollAgent’ Malware: Security Alert!

Introduction

A campaign attributed to the North Korean threat group 'Kimsuky' has been uncovered in which the group delivers the 'TrollAgent' malware to users who download software from a trusted site. The malware was found inside the security programs hosted on the website of a Korean construction association, programs that visitors are required to install in order to use the site.

The Threat Unveiled

When accessing the association's website, users are prompted to install several security programs. One of them, the installer labeled "NX_PRNMAN," was found to carry TrollAgent. Analysis indicates that the trojanized installer was uploaded to the site repeatedly for limited periods rather than left in place permanently, so only users who downloaded the file during those windows received the malicious version.

Malicious Tactics Unveiled

The malicious installer is packed with VMProtect, which hinders static analysis and signature-based detection. It is also signed with a valid code-signing certificate issued to "D2Innovation," a Korean defense company; the certificate is believed to have been stolen. Because the signature verifies correctly, a valid Authenticode signature on its own cannot be taken as evidence that the installer is trustworthy: the signer's identity must also match the vendor actually expected to publish the program, and a signed file that is additionally packed with a commercial protector deserves closer inspection, not less.
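The two traits described above can be checked before an installer is run. The following Python is an added example written for this page, not code from the original article or from the vendor that reported the campaign. It parses the PE header by hand (no third-party modules), lists the section names, flags the default VMProtect section names (.vmp0, .vmp1, .vmp2; the assumption is that the packer build did not rename them), and reports whether an Authenticode security directory is present. The sample PE it builds is a constructed header for the demonstration only, not a real executable.

```python
import struct

# Default names VMProtect gives the sections it adds (widely documented;
# assumption: the packer build did not rename them).
VMPROTECT_SECTIONS = {b".vmp0", b".vmp1", b".vmp2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory pointing at the Authenticode blob


def parse_pe_header(data: bytes) -> dict:
    """Parse just enough of a PE file to list section names and see whether
    an Authenticode security directory is present."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32: data directories start 96 bytes into the optional header
        dir_base = opt + 96
    elif magic == 0x20B:      # PE32+: 112 bytes in
        dir_base = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # For the security directory the first field is a file offset, not an RVA.
    sec_off, sec_size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i          # section headers follow the optional header
        sections.append(data[off:off + 8].rstrip(b"\0"))
    return {"sections": sections, "has_signature": sec_size != 0, "signature_offset": sec_off}


def triage(data: bytes) -> dict:
    """Flag the two traits the article describes: VMProtect packing and the
    presence (NOT the validity) of an Authenticode signature."""
    info = parse_pe_header(data)
    packed = any(name in VMPROTECT_SECTIONS for name in info["sections"])
    if packed and info["has_signature"]:
        note = "signed AND VMProtect-packed: verify signer subject against the expected vendor before trusting"
    elif packed:
        note = "VMProtect-packed, unsigned"
    elif info["has_signature"]:
        note = "signed, no VMProtect marker"
    else:
        note = "no VMProtect marker, unsigned"
    return {"vmprotect": packed, "has_signature": info["has_signature"],
            "sections": info["sections"], "note": note}


def build_sample_pe(section_names, signed, pe32plus=True) -> bytes:
    """Constructed minimal PE header for demonstration; it is not a runnable
    executable, only enough bytes for parse_pe_header() to walk."""
    opt_size = 240 if pe32plus else 224        # standard sizes with 16 data directories
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)       # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       len(section_names), 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    if signed:
        dir_base = 112 if pe32plus else 96
        # Fake security directory: offset and size of a WIN_CERTIFICATE blob
        struct.pack_into("<II", opt, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x1800)
    headers = b"".join(name.ljust(8, b"\0") + bytes(32) for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers


if __name__ == "__main__":
    sample = build_sample_pe([b".text", b".rdata", b".vmp0", b".vmp1"], signed=True)
    print(triage(sample))
```

A present signature is not a verified one, and the article's point is that even a verified one is not enough here, because the signer was a legitimate company whose certificate was stolen. After this triage, verify the signature and read the signer subject with a real verifier (signtool verify /v /pa, PowerShell Get-AuthenticodeSignature, or osslsigncode verify) and compare that subject against the vendor that is supposed to publish the program.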

Conclusion

The Kimsuky campaign delivering TrollAgent follows a pattern worth recognizing: compromise a site whose visitors are already required to install software, trojanize one of those installers for limited periods, and hide the payload behind a commercial packer and a legitimately issued certificate. Each step defeats a control that users and many security tools rely on, which is why trust in the download source alone is not a defense.

Recommendations

Organizations and individuals should keep systems and security products updated, run malware detection that is capable of examining packed and signed binaries rather than waving them through, and train users to treat a website's prompt to install a "security program" as something to question rather than follow automatically.

Taken together, these measures reduce the chance that a trojanized installer from an otherwise trusted site reaches execution.

IOC Information:

Type    Indicator (enrichment data as listed on the page)
ip      106.52.127.12
        Malicious: 6 | Suspicious: 0 | Zone: Grey | Abuse Score: 1
hash    7c6f0bae1e588821bd5d66cd98f52b7005e054279748c2c851647097fa2ae2df
        Malicious: 35 | Malware Family: linux | Metadefender Percentage: 100 | Blocked Reason: Infected | Zone: Yellow | HitsCount: 100
ip      111.92.242.47
        Malicious: 2 | Suspicious: 0 | Zone: Grey | Abuse Score: 0
hash    08caa2415f19565aa1fac40ea4a9e3e2eb9c6e382507e3e93677c506e4b42f9c
        Malicious: 35 | Malware Family: linux | Metadefender Percentage: N/A | Blocked Reason: N/A | Zone: Red | HitsCount: 10
ip      81.68.214.122
        Malicious: 4 | Suspicious: 0 | Zone: Grey | Abuse Score: 0
hash    7fb22f3b6632ab0df493b2e80a66b6a08a3173ccf5f8cdf2fc4956afd63bff23
        Malicious: 42 | Malware Family: linux | Metadefender Percentage: N/A | Blocked Reason: N/A | Zone: Red | HitsCount: 10
ip      81.68.197.3
        Malicious: 4 | Suspicious: 0 | Zone: Grey | Abuse Score: 0
hash    42590da283f271cb55efcea7c89866d6dc3358933996166302237f040141fa12
        Malicious: 36 | Malware Family: linux | Metadefender Percentage: 100 | Blocked Reason: Infected | Zone: Red | HitsCount: 10
hash    b4135ca942f8ab7e98259dd4666d9e84ba0c6a4a7326bab4b4abab5b009551be
        Malicious: 42 | Malware Family: linux | Metadefender Percentage: 100 | Blocked Reason: Infected | Zone: Red | HitsCount: 10
hash    b1c19e717494b33fa269b5adaf7e591d46f1ab4c1f571f22df254055349ec22c
        Malicious: 41 | Malware Family: linux | Metadefender Percentage: N/A | Blocked Reason: N/A | Zone: Red | HitsCount: 10
hash    4e4b120f5ae23a2d3a32e9dc09cc1b9ead3e8cd947555f83f84a369a4feff081
        Malicious: 25 | Malware Family: linux | Metadefender Percentage: N/A | Blocked Reason: N/A | Zone: Red | HitsCount: 10
ip      110.45.1.53
        Malicious: 0 | Suspicious: 0 | Zone: Grey | Abuse Score: 0
ip      47.88.49.239
        Malicious: 3 | Suspicious: 0 | Zone: Grey | Abuse Score: 0
domain  auto.c3pool.org
        Malicious: 4 | Suspicious: 2 | Status: Green
ip      45.141.68.25
        Malicious: 5 | Suspicious: 0 | Zone: Grey | Abuse Score: 0
ip      103.255.177.55
        Malicious: 11 | Suspicious: 0 | Zone: Red | Abuse Score: 0
domain  hfs.t1linux.com
        Malicious: 4 | Suspicious: 1 | Status: Green
hash    4839d344d0251f9122c11222021511702ae8dfd3185c2e300cd21c0c7a574d5f
        Malicious: 39 | Malware Family: linux | Metadefender Percentage: 100 | Blocked Reason: Infected | Zone: Red | HitsCount: 10
hash    6a43077384c2f348908dee0b5a5bbe119f82092cef87586af0b3eefe6d9d05c8
        Malicious: 43 | Malware Family: linux | Metadefender Percentage: N/A | Blocked Reason: N/A | Zone: Red | HitsCount: 10
ip      20.205.116.139
        Malicious: 5 | Suspicious: 1 | Zone: Grey | Abuse Score: 0
hash    b87346b930120e2be9394177c530843187f7d5393738b7a935583f19cc6937b5
        Malicious: 44 | Malware Family: linux | Metadefender Percentage: N/A | Blocked Reason: N/A | Zone: Red | HitsCount: 10
hash    808f0f85aee6be3d3f3dd4bb827f556401c4d69a642ba4b1cb3645368954622e
        Malicious: 43 | Malware Family: linux | Metadefender Percentage: 100 | Blocked Reason: File is infected, see description | Zone: Red | HitsCount: 10
ip      82.156.146.62
        Malicious: 2 | Suspicious: 0 | Zone: Grey | Abuse Score: 0
domain  nishabii.xyz
        Malicious: 5 | Suspicious: 1 | Status: Grey
cve     CVE-2021-25646
domain  zomfaa9a.onlinewebshop.net
        Malicious: 2 | Suspicious: 0 | Status: Red
domain  99695njd.myartsonline.com
        Malicious: 1 | Suspicious: 0 | Status: Red
hash    9339eaf1d77bb0324e393a08a6180fe0658761fc0cd20ba25081963286dfb9c7
        Malicious: 48 | Malware Family: konni | Metadefender Percentage: N/A | Blocked Reason: N/A | Zone: Red | HitsCount: 100
domain  zcvbm1zv.onlinewebshop.net
        Malicious: 3 | Suspicious: 0 | Status: Red
domain  694qf6w8.scienceontheweb.net
        Malicious: 1 | Suspicious: 0 | Status: Red
domain  jbkza9h7.atwebpages.com
        Malicious: 5 | Suspicious: 0 | Status: Red
url     https://onowbabone.tantermhes.ru/fpmp67r49t
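Indicators like the ones listed above are only useful once they are matched against telemetry. The Python below is an added example written for this page, not part of the original article or of any vendor tooling. It loads the page's network indicators and a subset of its hashes, refangs them, and scans constructed proxy, DNS and EDR log lines for exact IP and hash hits, host or parent-domain hits, and the full URL. It reproduces the indicators exactly as the page lists them and makes no claim about which campaign each one belongs to; the log lines are constructed for the demonstration and are not real traffic.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the IOC list on this page (all IPs, domains and the URL;
# a subset of the hashes). Reproduced as given, attribution not asserted.
PAGE_IOCS = [
    ("ip", "106.52.127.12"), ("ip", "111.92.242.47"), ("ip", "81.68.214.122"),
    ("ip", "81.68.197.3"), ("ip", "110.45.1.53"), ("ip", "47.88.49.239"),
    ("ip", "45.141.68.25"), ("ip", "103.255.177.55"), ("ip", "20.205.116.139"),
    ("ip", "82.156.146.62"),
    ("domain", "auto.c3pool.org"), ("domain", "hfs.t1linux.com"), ("domain", "nishabii.xyz"),
    ("domain", "zomfaa9a.onlinewebshop.net"), ("domain", "99695njd.myartsonline.com"),
    ("domain", "zcvbm1zv.onlinewebshop.net"), ("domain", "694qf6w8.scienceontheweb.net"),
    ("domain", "jbkza9h7.atwebpages.com"),
    ("url", "https://onowbabone.tantermhes.ru/fpmp67r49t"),
    ("hash", "7c6f0bae1e588821bd5d66cd98f52b7005e054279748c2c851647097fa2ae2df"),
    ("hash", "7fb22f3b6632ab0df493b2e80a66b6a08a3173ccf5f8cdf2fc4956afd63bff23"),
    ("hash", "9339eaf1d77bb0324e393a08a6180fe0658761fc0cd20ba25081963286dfb9c7"),
]

# Constructed sample log lines (proxy, DNS, EDR) for the demonstration; not real traffic.
SAMPLE_LOGS = [
    "2024-10-11T09:12:01Z proxy src=10.0.0.5 dst=106.52.127.12 host=- method=GET uri=/ status=200",
    "2024-10-11T09:12:07Z proxy src=10.0.0.5 dst=203.0.113.9 host=update.example.com method=GET uri=/x status=200",
    "2024-10-11T09:13:44Z dns src=10.0.0.7 query=jbkza9h7.atwebpages.com type=A",
    "2024-10-11T09:14:02Z proxy src=10.0.0.9 dst=198.51.100.3 host=onowbabone.tantermhes.ru method=GET uri=/fpmp67r49t status=404",
    "2024-10-11T09:15:30Z edr host=WS01 sha256=7FB22F3B6632AB0DF493B2E80A66B6A08A3173CCF5F8CDF2FC4956AFD63BFF23 path=C:\\Users\\a\\Downloads\\setup.exe",
]

HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")                 # SHA-256
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def refang(value: str) -> str:
    """Undo common defanging (hxxp://, [.], [:]) so feed entries compare cleanly."""
    return value.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def build_index(iocs):
    """Normalize indicators into per-type sets; a URL's host is also indexed as
    a domain so a host-only contact is still surfaced."""
    idx = {"ip": set(), "hash": set(), "domain": set(), "url": set()}
    for kind, value in iocs:
        v = refang(value.strip()).lower()
        idx[kind].add(v)
        if kind == "url":
            idx["domain"].add(urlsplit(v).hostname)
    return idx


def scan_line(line: str, idx) -> list:
    """Return (kind, indicator) pairs for every IOC hit in one log line."""
    hits = []
    lowered = line.lower()
    for h in HEX64.findall(line):
        if h.lower() in idx["hash"]:
            hits.append(("hash", h.lower()))
    for ip in IPV4.findall(line):
        if ip in idx["ip"]:
            hits.append(("ip", ip))
    for host in HOSTNAME.findall(line):
        host = host.lower()
        labels = host.split(".")
        # Match the host itself or any listed parent domain, never the bare TLD.
        if any(".".join(labels[i:]) in idx["domain"] for i in range(len(labels) - 1)):
            hits.append(("domain", host))
    for url in idx["url"]:
        parts = urlsplit(url)
        if parts.hostname in lowered and parts.path in lowered:
            hits.append(("url", url))
    return hits


def scan_logs(lines, idx) -> list:
    """Return (line_number, kind, indicator) for every hit; line numbers are 1-based."""
    return [(n, kind, v) for n, line in enumerate(lines, 1) for kind, v in scan_line(line, idx)]


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS, build_index(PAGE_IOCS)):
        print(hit)
```

Parent-domain matching is deliberate: a listed host such as nishabii.xyz should also fire on any subdomain of it, while a listed subdomain of a free hosting provider (the onlinewebshop.net and atwebpages.com entries) fires only on that subdomain, not on the provider's whole zone. Enrichment scores from the list (Malicious counts, Zone, Status) are a useful second filter when prioritizing hits but are not used for matching here.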

Source: Blog Post
Source Reliability: Trustworthy
Information Reliability: Confirmed
Motivation: Cyber Crime
Source Category: Technical Intelligence
Severity: Low
