KMsec blog

ID: 4bbe082c-5e3e-5da7-8d30-832e4f5dfe26

STIX ID: identity--4bbe082c-5e3e-5da7-8d30-832e4f5dfe26

Feed Type: rss

Earliest post: 2021-08-06

Latest post: 2026-05-01

The KMsec blog is an independent cybersecurity research blog sharing deep technical analyses and threat intelligence—particularly on malware campaigns, attacker infrastructure, and OSINT investigations

Exclude posts that do not describe a security incident

Classification

Min Pub Date

01/01/2020

Max Pub Date

06/04/2026

Title	Date Published ↓	Describes Incident	Visible
Parsing Google Docs HTML	2026-04-24	True	True
Contagious Trader campaign - Coordinated weaponisation of cryptocurrency trading bots by suspected DPRK malware operators	2026-03-17	True	True
First instance of PylangGhost RAT observed on npm	2026-03-13	True	True
Novel DPRK stager using Pastebin and text steganography	2026-02-26	True	True
Tracking DPRK operator IPs over time	2026-02-22	True	True
DPRK tests Google Drive as a malware stager	2026-02-21	True	True
Exposed DPRK reference malware and logs	2026-02-16	True	True
VMWare artifacts left by a FAMOUS CHOLLIMA operator	2026-02-13	True	True
Passive Takeover - uncovering (and emulating) an expensive subdomain takeover campaign	2023-03-05	True	True
Passive Takeover - uncovering (and emulating) an expensive subdomain takeover campaign	2023-03-05	True	True
Fingerprinting C2s with Shodan	2023-01-06	True	True
Tracking Crimson Kingsnake	2023-01-06	True	True
Tracking Crimson Kingsnake	2023-01-06	True	True
Fingerprinting C2s with Shodan	2023-01-06	True	True