Unraveling Tool Set: KLogEXE and FPSpy

· Published 26/09/2024 16:15 · Modified 26/09/2024 18:10

Essential information

Tags
2024-09-26 fpspy klogexe
Related entities
8 observables, 1 intrusion sets (apt), 12 techniques (mitre), 2 malware, 3 others

Description

Unit 42 researchers have uncovered two new malware samples used by the North Korean threat group Sparkling Pisces (aka Kimsuky). These include an undocumented keylogger called KLogEXE and a variant of a backdoor named FPSpy. The analysis reveals the group's evolving capabilities and extensive arsenal. Both malware samples share code similarities and utilize sophisticated techniques for data exfiltration and command execution. The research highlights Sparkling Pisces' continuous evolution, expanding infrastructure, and targeting of South Korean and Japanese entities. The discovery enhances understanding of the group's tactics and provides insights for better defense against such threats.

External references