ps1.randomquery

RandomQuery

Actor(s): Kimsuky


A set of PowerShell scripts that use services like Google Docs and Dropbox as C2.

References
2025-02-13 · Securonix · Den Iyzvyk, Tim Peck
Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
RandomQuery
2024-03-18 · Securonix · Den Iyzvyk, Oleg Kolesnikov, Tim Peck
Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware
RandomQuery

There is no Yara-Signature yet.