- Mar 31, 2021
- 1 min read

Adversary | Kimusky

Updated: Apr 3, 2021

Also Known As

Velvet Chollima

Origin

North Korea

Target Countries

Japan | South Africa | France | Russian Federation | South Korea | United Kingdom | United States

Targeted Verticals

Critical Infrastructure

Financial Services

Healthcare

Government | Military

MITRE TTPs

Archive Collected Data: Archive via Custom Method

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Browser Extensions

Command and Scripting Interpreter: PowerShell

Create or Modify System Process: Windows Service

Credentials from Password Stores: Credentials from Web Browsers

Data from Local System

Event Triggered Execution: Change Default File Association

Exfiltration Over C2 Channel

File and Directory Discovery

Impair Defenses: Disable or Modify Tools

Impair Defenses: Disable or Modify System Firewall

Indicator Removal on Host: File Deletion

Input Capture: Keylogging

Phishing: Spearphishing Attachment

Phishing: Spearphishing Link

Process Injection

Remote Access Software

Signed Binary Proxy Execution: Mshta

System Information Discovery

Related Posts

DATA BREACH | MasMovil

DATA BREACH | Humana

DATA BREACH | Ticketclub.it