BabyShark
Essential information
- Confidence: 100/100
- Is family: Yes
- Published: 07/10/2019 21:05
- Modified: 27/03/2026 01:06
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 29 attack patterns (MITRE), 1 intrusion set (APT), 7 sectors, 2 countries, 18 indicators, 1 report
Aliases
LATEOP
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (29)
- T1027 uses Obfuscated Files or Information (MITRE)
- T1083 uses File and Directory Discovery (MITRE)
- T1132.001 uses Standard Encoding (MITRE)
- T1547.001 uses Registry Run Keys / Startup Folder (MITRE)
- T1055 uses Process Injection (MITRE)
- T1059.003 uses Windows Command Shell (MITRE)
- T1105 uses Ingress Tool Transfer (MITRE)
- T1047 uses Windows Management Instrumentation (MITRE)
- T1497 uses Virtualization/Sandbox Evasion (MITRE)
- T1053.005 uses Scheduled Task (MITRE)
- T1056 uses Input Capture (MITRE)
- T1012 uses Query Registry (MITRE)
Intrusion sets (APT) (1)
- Kimsuky · Source: The MITRE Corporation · Confidence 100
  [Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
Sectors (7)
- Defense (targets)
- Defense ministries (including the military) (targets)
- Universities (targets)
- Media (targets)
- Technology (targets)
- Energy (targets)
- Diplomacy (targets)
Countries (2)
- Korea, Republic of (targets)
- Korea, Democratic People's Republic of (targets)
Indicators (18)
- download.uberlingen.com (indicates) · stix · 100/100 · Revoked · Valid until 17/05/2026 · Source: AlienVault
- stack_string SHA256 of 537806c02659a12c5b21efa51b2322c1 · stix · 100/100 · Revoked · Valid until 08/06/2026 · Source: AlienVault
- SUSP_Double_Base64_Encoded_Executable SHA256 of 8346d90508b5d41d151b7098c7a3e868 · stix · 100/100 · Revoked · Valid until 08/06/2026 · Source: AlienVault
- ConventionEngine_Keyword_UAC SHA256 of 7313dc4d9d6228e442fc6ef9ba5a1b9a · stix · 100/100 · Revoked · Valid until 21/01/2025 · Source: AlienVault
- apt_kimsuky_implant_autopred SHA256 of 7a0c0a4c550a95809e93ab7e6bdcc290 · stix · 100/100 · Revoked · Valid until 08/06/2026 · Source: AlienVault
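The attack-pattern list above includes T1132.001 (Standard Encoding) and the indicator list carries a rule named SUSP_Double_Base64_Encoded_Executable, which together point at a payload wrapped in nested base64. The rule body itself is not on this page, so the following is an added triage example, not MITRE's, AlienVault's or the rule author's code: it scans text for long base64 runs, peels layers until a PE header appears, and reports hits that needed at least two layers. The sample input is a constructed PowerShell-style snippet around a minimal fake PE header, not a BabyShark sample, and the function names are this example's own.

```python
import base64
import binascii
import re
import struct
from typing import Optional, Tuple, List, Dict

# Runs of standard-alphabet base64 text long enough to hold a header (64+ chars).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def b64_decode_lenient(data: bytes) -> Optional[bytes]:
    """Decode base64, ignoring whitespace and repairing missing padding.

    Returns None if the input is not valid base64 (malware drops padding
    and inserts line breaks, so a strict decoder would miss real payloads).
    """
    stripped = re.sub(rb"\s+", b"", data)
    stripped += b"=" * (-len(stripped) % 4)
    try:
        return base64.b64decode(stripped, validate=True)
    except (ValueError, binascii.Error):
        return None


def looks_like_pe(blob: bytes) -> bool:
    """True when blob has an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    # Out-of-range e_lfanew simply yields a short slice and a False result.
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def peel_base64_layers(data: bytes, max_layers: int = 4) -> Tuple[int, bytes]:
    """Repeatedly base64-decode until a PE appears or decoding fails.

    Returns (layers_decoded, final_bytes). max_layers bounds the work so a
    pathological blob that keeps decoding cannot spin the scanner.
    """
    current = data
    for depth in range(max_layers):
        if looks_like_pe(current):
            return depth, current
        decoded = b64_decode_lenient(current)
        if decoded is None:
            return depth, current
        current = decoded
    return max_layers, current


def find_encoded_executables(text: bytes, min_layers: int = 2) -> List[Dict[str, int]]:
    """Locate base64 runs in text that decode (through >= min_layers layers) to a PE."""
    hits = []
    for match in B64_RUN.finditer(text):
        layers, payload = peel_base64_layers(match.group(0))
        if layers >= min_layers and looks_like_pe(payload):
            hits.append({"offset": match.start(), "layers": layers, "size": len(payload)})
    return hits


# Constructed fake PE: MZ stub, e_lfanew = 0x40, PE signature, zero padding.
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 60
_INNER = base64.b64encode(FAKE_PE)          # one layer
_OUTER = base64.b64encode(_INNER)           # two layers
# Constructed dropper-style text (assumed shape; not taken from any sample).
SAMPLE_TEXT = b'$blob = "' + _OUTER + b'"\r\nInvoke-Thing $blob\r\n'
SINGLE_ENCODED = b'$blob = "' + _INNER + b'"\r\n'

if __name__ == "__main__":
    for hit in find_encoded_executables(SAMPLE_TEXT):
        print(f"offset={hit['offset']} layers={hit['layers']} pe_size={hit['size']}")
```

Run it against a script or memory dump with `find_encoded_executables(open(path, "rb").read())`; drop `min_layers` to 1 to also catch singly encoded executables. Note that the hash strings embedded in the indicator names above are 32 hex characters (MD5 length) despite the "SHA256 of" wording, so confirm the hash type against the AlienVault source before pivoting on them.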
Reports (1)
- 9 MITRE entities · 2 malware · 14 observables · 1 APT