Appearance of Kimsuky group's new backdoor (HappyDoor)
July 1, 2024, 11:15 a.m.
Description
Asec Ahnlab analyzes a new backdoor malware called HappyDoor used by the North Korean hacking group Kimsuky in recent email attacks. The malware has evolved over time and contains capabilities for information stealing and remote access. It communicates with command and control servers using encrypted HTTP packets. The report provides technical details on the malware's registry configuration, packet structure, and main capabilities like screenshot capture, keylogging, and command execution.
Tags
Date
- Created: July 1, 2024, 10:37 a.m.
- Published: July 1, 2024, 10:37 a.m.
- Modified: July 1, 2024, 11:15 a.m.
Indicators
- http://ai.hyyeo.pe.kr/index.php
- http://jp.hyyeo.pe.kr/index.php
- http://uo.zosua.or.kr/index.php
- http://aa.olixa.pe.kr/index.php
- http://on.ktspace.pe.kr/index.php
- http://go.ktspace.pe.kr/index.php
- http://users.nya.pub/index.php
- http://app.seoul.minia.ml/kinsa.php
- ai.hyyeo.pe.kr
- jp.hyyeo.pe.kr
- uo.zosua.or.kr
- on.ktspace.pe.kr
- aa.olixa.pe.kr
- go.ktspace.pe.kr
- users.nya.pub
- app.seoul.minia.ml
Additional Informations
- Military
- Government