21 May 2025
New #phishing assets of the #Kimsuky #APT group: #IOC: 141.164.56[.]44 taxdeliveryservice.kro[.]kr userauthoritydoc.p-e[.]kr i.secai.ai/research/141.164.… i.secai.ai/research/taxdeliv… i.secai.ai/research/userauth…
16 May 2025
The #Konni #APT group used #compromised websites for command and control. #IOC: yukiicreatives[.]com rayanlynch[.]com i.secai.ai/research/yukiicre… i.secai.ai/research/rayanlyn…
13 May 2025
The #Kimsuky #APT group conducted #phishing using a Korean domain that means "Ministry of the Interior and Safety notification." #IOC: 27.102.138.155 행정안전부통지서.홈페이지.한국 블로그신고안내.메인.한국 i.secai.ai/research/27.102.1… i.secai.ai/research/xn--or3b… i.secai.ai/research/xn--299a…
8 May 2025
The #Konni #APT group used #compromised websites to deliver information. #IOC: bergaeroworks[.]co[.]za sitisrlweb[.]com seacura[.]com i.secai.ai/research/bergaero… i.secai.ai/research/sitisrlw… i.secai.ai/research/seacura.…
8 May 2025
Last chance to meet us at @GISECGlobal! The @SecAI_AI Booth at P48 is open for one more day. Find out how AI-powered threat intelligence can give your security team a critical edge. See you there!
7 May 2025
The #Kimsuky #APT group used the #BabyShark trojan to connect to its C2 server via a revoked TLS certificate. #sha256: 8503a57fa9e3424cc1cb39f8cd15419840eaa73277e9fe383a1bebb518ef9ede (RemoteControl.dll) #C2: first.pokerstarus.kro[.]kr i.secai.ai/research/pokersta… Domain resolved to IP 221.162.112.235, re-resolved to over 20 suspicious .kro.kr domains. i.secai.ai/research/221.162.…
7 May 2025
Day 2 at @GISECGlobal! Stop by Booth P48 to see why @SecAI_AI Investigator is making waves in Threat Intel. We're giving away 15-day Pro access codes—grab yours and see the power for yourself.
7 May 2025
The #Konni #APT group used the #compromised site to download files. #IOC: deliberatecollaboration[.]com i.secai.ai/research/delibera…
6 May 2025
It’s going to be a packed day at @GISECGlobal with world-class sessions, but don’t miss a visit to @SecAI_AI at Booth P48. Stop by to see how our proprietary threat intelligence gives you actionable intelligence with near-zero false positives. See you there!
5 May 2025
Just 1 more day to @GISECGlobal! Come find @SecAI_AI at Booth P48 to have a hands-on experience of faster, smarter threat investigations powered by AI. Plus, try your luck at our onsite Lucky Draw! 🎁 See you then!
29 Apr 2025
New #phishing assets of #Kimsuky #APT group: 158.247.247[.]157 i.secai.ai/research/158.247.… mexc-signin.kro[.]kr i.secai.ai/research/mexc-sig… yourinfo.kro[.]kr i.secai.ai/research/yourinfo… 141.164.53[.]3 i.secai.ai/research/141.164.… userdoc-sign.kro[.]kr i.secai.ai/research/userdoc-… getdocservice.r-e[.]kr i.secai.ai/research/getdocse… mexc-enkr.kro[.]kr i.secai.ai/research/mexc-enk…
24 Apr 2025
The #Konni #APT group uses the #compromised site holosformations[.]fr to download files. C2: 49.12.47[.]155:443 i.secai.ai/research/holosfor… i.secai.ai/research/49.12.47… Hash: 869705fd4dd777d4ab5c662806b42fe43bff6b58e085a64804486326b35fee47 It is related to #ChatGPT, uses an #AutoIt script for callback, and supports multiple functions such as file display, exfiltration, and downloading.
22 Apr 2025
New #phishing assets of the #Kimsuky #APT group: 210.114.14.234 i.secai.ai/research/210.114.… secinput.n-e[.]kr i.secai.ai/research/secinput… secuinput.r-e[.]kr i.secai.ai/research/secuinpu… secinput.o-r[.]kr i.secai.ai/research/secinput… 158.247.243.223 i.secai.ai/research/158.247.… updateinfo.r-e[.]kr i.secai.ai/research/updatein… completeinfo.r-e[.]kr i.secai.ai/research/complete… preinfo.r-e[.]kr i.secai.ai/research/preinfo.…
17 Apr 2025
Recently, the #Konni #APT group has used a large number of #compromised websites to transmit information of infected hosts. ausbildungsbuddy[.]de i.secai.ai/research/ausbildu……absongkhla[.]com i.secai.ai/research/absongkh… beldy[.]ma i.secai.ai/research/beldy.ma go2kgstan[.]com i.secai.ai/research/go2kgsta… holosformations[.]fr i.secai.ai/research/holosfor… michaelagee[.]com i.secai.ai/research/michaela…
15 Apr 2025
New #phishing assets of the #Kimsuky #APT group: #IOC: 158.247.202[.]109 portiondoc.o-r[.]kr i.secai.ai/research/158.247.… i.secai.ai/research/portiond…
15 Apr 2025
🚀 The new version of SecAI is live! We’ve made major upgrades to help you analyze IPs and domains more effectively: ✅ Clear Verdicts – Malicious, Suspicious, Unknown, or Benign — based on multi-source intelligence 🏷️ Multi-layered Labels – Threat types, malware linkage, attribution, and campaign tags 📊 Historical Attacks – Visualize historical attack activity patterns of IPs 📚 Rich Intelligence contexts – Includes cybermapping data, WHOIS, DNS, certificates, related files, and more 🛠️ Feeds & API (coming soon) – Structured output for platform integration and automation 🔗 Try it now: i.secai.ai/research #ThreatIntelligence #CyberSecurity #SecAI
10 Apr 2025
Looking forward to @RSAConference 2025? Stop by booth #Booth N-6570 to meet our team and check out our TI-enriched and AI-driven cybersecurity solutions. You're just one step away from levelling up your security operation. If you don't have a pass, don't worry! Here is the Invitation Code: 52ESECAIXP Registration link: path.rsaconference.com/flow/… See you at the RSA Conference 2025! #RSAC
9 Apr 2025
New #phishing assets of the #Kimsuky #APT group: #IOC: 158.247.192[.]105 ips-check.o-r[.]kr i.secai.ai/research/158.247.… i.secai.ai/research/ips-chec…
3 Apr 2025
The #Kimsuky #APT group also registered other #phishing assets. #IOC: 158.247.242[.]169 i.secai.ai/research/158.247.…
1 Apr 2025
The #Kimsuky #APT group used phishing sites to collect account credentials, but the sites have not been resolved to any IP addresses. #IOC: post.blogalarm.kro[.]kr nid-info.checkmyblog.kro[.]kr i.secai.ai/research/blogalar… i.secai.ai/research/checkmyb…