Threat Intelligence Report

We Dumped a Live Kimsuky C2 and Recovered Every Stage of the Kill Chain: CHM Dropper, VBScript Stager, PowerShell Keylogger

📅 April 14, 2026 📰 intel.breakglass.tech 🔍 0 CVE(s) referenced

Researchers recovered the full, live Kimsuky (APT43) CHM malware kill chain—including all payload source code, keylogger, and exfiltration mechanisms—by exploiting an exposed C2 server, mapping 79+ domains, and linking this campaign to broader North Korean credential phishing infrastructure targeting South Korean users.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle