Today > 2 Critical | 6 High | 8 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

Unraveling Tool Set: KLogEXE and FPSpy

Sept. 26, 2024, 6:10 p.m.

Description

Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). These include an undocumented keylogger called KLogEXE and a variant of a backdoor named FPSpy. The analysis reveals the group's evolving capabilities and extensive arsenal. Both malware samples share code similarities and utilize sophisticated techniques for data exfiltration and command execution. The research highlights Sparkling Pisces' continuous evolution, expanding infrastructure, and targeting of South Korean and Japanese entities. The discovery enhances understanding of the group's tactics and provides insights for better defense against such threats.

Date

Published: Sept. 26, 2024, 4:15 p.m.

Created: Sept. 26, 2024, 4:15 p.m.

Modified: Sept. 26, 2024, 6:10 p.m.

Indicators

c69cd6a9a09405ae5a60acba2f9770c722afde952bd5a227a72393501b4f5343

faf666019333f4515f241c1d3fcfc25c67532463245e358b90f9e498fe4f6801

a173a425d17b6f2362eca3c8ea4de9860b52faba414bbb22162895641dda0dc2

990b7eec4e0d9a22ec0b5c82df535cf1666d9021f2e417b49dc5110a67228e27

2e768cee1c89ad5fc89be9df5061110d2a4953b336309014e0593eb65c75e715

152.32.138.167

nidlogin.apollo.r-e.kr

mail.apollo-page.r-e.kr

Attack Patterns

KLogEXE

FPSpy

Sparkling Pisces

T1074

T1059.001

T1056.001

T1113

T1082

T1057

T1105

T1083

T1020

T1140

T1132

T1027

Additional Informations

Technology

Government

Japan