It’s going to be a packed day at @GISECGlobal with world-class sessions, but don’t miss a visit to @SecAI_AI at Booth P48. Stop by to see how our proprietary threat intelligence gives you actionable intelligence with near-zero false positives. See you there!

New #phishing assets of the #Kimsuky #APT group:.#IOC:.141.164.56[.]44.taxdeliveryservice.kro[.]kr.userauthoritydoc.p-e[.]kr.

The #Konni #APT group used #compromised websites for command and control. #IOC:.yukiicreatives[.]com.rayanlynch[.]com.

The #Kimsuky #APT group conducted #phishing using a Korean domain that means "Ministry of the Interior and Safety notification.".#IOC:.27.102.138.155.행정안전부통지서.홈페이지.한국.블로그신고안내.메인.한국.

The #Konni #APT group used #compromised websites to deliver information. #IOC:.bergaeroworks[.]co[.]za.sitisrlweb[.]com.seacura[.]com.

Last chance to meet us at @GISECGlobal! The @SecAI_AI Booth at P48 is open for one more day. Find out how AI-powered threat intelligence can give your security team a critical edge. See you there!

The #Kimsuky #APT group used the #BabyShark trojan to connect to its C2 server via a revoked TLS certificate. #sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede(RemoteControl.dll).#C2: first.pokerstarus.kro[.]kr.Domain resolved to IP

Day 2 at @GISECGlobal!.Stop by Booth P48 to see why @SecAI_AI Investigator is making waves in Threat Intel. We're giving away 15-day Pro access codes—grab yours and see the power for yourself.

The #Konni #APT group used the #compromised site to download files. #IOC: deliberatecollaboration[.]com.

Just 1 more day to @GISECGlobal! Come find @SecAI_AI at Booth P48 to have an hands-on experience of faster, smarter threat investigations powered by AI. Plus, try your luck at our onsite Lucky Draw! 🎁. See you then!

New #phishing assets of #Kimsuky #APT group:.158.247.247[.]157.mexc-signin.kro[.]kr.yourinfo.kro[.]kr.141.164.53[.]3.userdoc-sign.kro[.]kr.

The #Konni #APT group uses the #compromised site holosformations[.]fr to download files. C2: 49.12.47[.]155:443.Hash: 869705fd4dd777d4ab5c662806b42fe43bff6b58e085a64804486326b35fee47 .It is related to #ChatGPT, uses an #AutoIt

New #phishing assets of the #Kimsuky #APT group:.210.114.14.234.secinput.n-e[.]kr.secuinput.r-e[.]kr.secinput.o-r[.]kr.158.247.243.223.updateinfo.r-e[.]kr

Recently, the #Konni #APT group has used a large number of #compromised websites to transmit information of infected hosts. ausbildungsbuddy[.]de absongkhla[.]com beldy[.]ma .go2kgstan[.]com

New #phishing assets of the #Kimsuky #APT group: #IOC: .158.247.202[.]109.portiondoc.o-r[.]kr.

🚀 The new version of SecAI is live!.We’ve made major upgrades to help you analyze IPs and domains more effectively:.✅ Clear Verdicts – Malicious, Suspicious, Unknown, or Benign — based on multi-source intelligence.🏷️ Multi-layered Labels – Threat types, malware linkage,

Looking forward to @RSAConference 2025? Stop by booth #Booth N-6570 to meet our team and check out our TI-enriched and AI-driven cybersecurity solutions. You're just one step away from levelling up your security operation. If you don't have a pass. Don't worry! Here is the

New #phishing assets of the #Kimsuky #APT group:.#IOC:.158.247.192[.]105.ips-check.o-r[.]kr.

The #Kimsuky #APT group also registered other #phishing assets. #IOC: 158.247.242[.]169.

The #Kimsuky #APT group used phishing sites to collect account credentials, but the sites has not been resolved to any IP addresses. #IOC:.post.blogalarm.kro[.]kr.nid-info.checkmyblog.kro[.]kr.