Description
Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). These include an undocumented keylogger called KLogEXE and a variant of a backdoor named FPSpy. The analysis reveals the group's evolving capabilities and extensive arsenal. Both malware samples share code similarities and utilize sophisticated techniques for data exfiltration and command execution. The research highlights Sparkling Pisces' continuous evolution, expanding infrastructure, and targeting of South Korean and Japanese entities. The discovery enhances understanding of the group's tactics and provides insights for better defense against such threats.
Date
| Published | Created | Modified |
|---|---|---|
| Sept. 26, 2024, 4:15 p.m. | Sept. 26, 2024, 4:15 p.m. | Sept. 26, 2024, 6:10 p.m. |
Indicators
c69cd6a9a09405ae5a60acba2f9770c722afde952bd5a227a72393501b4f5343
faf666019333f4515f241c1d3fcfc25c67532463245e358b90f9e498fe4f6801
a173a425d17b6f2362eca3c8ea4de9860b52faba414bbb22162895641dda0dc2
990b7eec4e0d9a22ec0b5c82df535cf1666d9021f2e417b49dc5110a67228e27
2e768cee1c89ad5fc89be9df5061110d2a4953b336309014e0593eb65c75e715
152.32.138.167
Attack Patterns
KLogEXE
FPSpy
Sparkling Pisces
T1074
T1059.001
T1056.001
T1113
T1082
T1057
T1105
T1083
T1020
T1140
T1132
T1027
Additional Informations
Technology
Government
Japan