Kimsuky Analysis

IOB - Indicator of Behavior (648)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 504
zh: 118
ko: 8
fr: 6
es: 4


Country

cn: 352
us: 98
mn: 10
kr: 8
gb: 6


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Office: 28
Linux Kernel: 14
Microsoft Windows: 12
WordPress: 10
Fortinet FortiOS: 8


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | CodeIgniter Reverse Proxy getIPAddress data authenticity | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-23556
3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.67 | 0.04187 | CVE-2010-0966
4 | Rarlab WinRAR Expiration mshtml.dll injection | 5.6 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00885 | CVE-2021-35052
5 | Grafana path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.90737 | CVE-2021-43798
6 | Cisco Secure Access Control System EAP-FAST Authentication Module improper authentication | 9.8 | 9.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01136 | CVE-2013-3466
7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.04499 | CVE-2019-7550
8 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.06 | 0.01232 | CVE-2014-2655
9 | ipTIME NAS-I Bulletin Manage unrestricted upload | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01359 | CVE-2020-7847
10 | Fortinet FortiOS SSL VPN Web Portal memory corruption | 5.9 | 5.6 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2018-13383
11 | WordPress sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01537 | CVE-2017-14723
12 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.01974 | CVE-2017-5611
13 | Grafana information disclosure | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01232 | CVE-2018-19039
14 | Roundcube webmail sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.06523 | CVE-2013-6172
15 | CodeIgniter improper authentication | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-46170
16 | Apache libapreq2 Multipart Form buffer overflow | 5.9 | 5.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.06394 | CVE-2022-22728
17 | Shirne CMS controller.php path traversal | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2022-37299
18 | Jsonxx Value double free | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.04 | 0.00885 | CVE-2022-23459
19 | Trend Micro Deep Security Manager application LDAP information disclosure | 5.6 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2019-15626
20 | X.org libICE Session Key IceGenerateMagicCookie entropy | 5.7 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.01282 | CVE-2017-2626

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (41)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (229)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (11)

The following list contains external sources which discuss the actor and the associated activities:
