Kimsuky Group’s New Backdoor (HappyDoor)
July 8, 2024, 7:26 p.m.
Description
This report provides a detailed analysis of HappyDoor, a new backdoor used by the Kimsuky threat group, which is known for targeting organizations with spear-phishing attacks. The malware employs techniques such as self-duplication, hidden execution paths, and encrypted communication to maintain persistence and evade detection. HappyDoor carries a range of malicious capabilities, including information theft through keylogging, file exfiltration, and voice recording, as well as backdoor functions that allow remote control and code execution. The analysis covers the malware's distribution methods, execution flow, communication protocols, registry configuration, and a comprehensive list of its features.
Date
Published: July 8, 2024, 6:34 p.m.
Created: July 8, 2024, 6:34 p.m.
Modified: July 8, 2024, 7:26 p.m.
Indicators
Attack Patterns
HappyDoor
Kimsuky
T1124
T1136
T1113
T1573
T1489
T1486
T1564
T1105
T1083
T1592
T1027
T1566