Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy
Sept. 27, 2024, 5:47 p.m.
Description
Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). These include an undocumented keylogger called KLogEXE and a variant of a backdoor named FPSpy. The analysis reveals the group's evolving capabilities and extensive arsenal. Both malware samples share code similarities and utilize sophisticated techniques for data exfiltration and command execution. The research highlights Sparkling Pisces' continuous evolution, expanding infrastructure, and targeting of South Korean and Japanese entities. The discovery enhances understanding of the group's tactics and provides insights for better defense against such threats.
Date
Published: Sept. 26, 2024, 4:15 p.m.
Created: Sept. 26, 2024, 4:15 p.m.
Modified: Sept. 27, 2024, 5:47 p.m.
Attack Patterns
KLogEXE
FPSpy
Sparkling Pisces
T1074
T1059.001
T1056.001
T1113
T1082
T1057
T1105
T1083
T1020
T1140
T1132
T1027
Additional Information
Technology
Government
Japan