Infostealer
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:41
- Modified
- 21/12/2025 02:11
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 31 attack patterns (mitre), 1 intrusion sets (apt), 4 sectors, 3 countries, 42 indicators, 1 vulnerabilities (cve), 2 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (31)
-
T1573 usesEncrypted Channel MITRE
-
T1071 usesApplication Layer Protocol MITRE
-
T1083 usesFile and Directory Discovery MITRE
-
T1033 usesSystem Owner/User Discovery MITRE
-
T1055 usesProcess Injection MITRE
-
T1120 usesPeripheral Device Discovery MITRE
-
T1546 usesEvent Triggered Execution MITRE
-
T1548 usesAbuse Elevation Control Mechanism MITRE
-
T1021 usesRemote Services MITRE
-
T1566 usesPhishing MITRE
-
T1132 usesData Encoding MITRE
-
T1056 usesInput Capture MITRE
Intrusion sets (APT) (1)
-
The MITRE Corporation Confidence 100
[Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (4)
-
Energy targets
-
Defense targets
-
Diplomacy targets
-
Technology targets
Countries (3)
-
Korea, Democratic People's Republic of targets
-
Korea, Republic of targets
-
China targets
Indicators (42)
-
stix 100/100 Revoked
VMProtectSDK SHA256 of 0bf558adde774215bb221465a4edd2fe
· Valid until 17/03/2025 · Source: AlienVault -
stix 100/100 Revoked· Valid until 22/05/2026 · Source: AlienVault
-
stix 100/100 Revoked
VMProtectSDK SHA256 of 093608a2d6eb098eb7ea917cc22e9998
· Valid until 17/03/2025 · Source: AlienVault -
stix 100/100 Revoked
VMProtectSDK SHA256 of 5c2809177bb95edc68f9a08a96420bb7
· Valid until 17/03/2025 · Source: AlienVault -
stix 100/100· Valid until 15/03/2027 · Source: AlienVault
-
stix 100/100 Revoked
SHA256 of 0f5762be09db44b2f0ccf05822c8531a
· Valid until 17/03/2025 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 119063c82373598d00d17734dd280016
· Valid until 17/03/2025 · Source: AlienVault -
stix 100/100 Revoked
VMProtectSDK SHA256 of 1ac0b0da11e413a21bec08713e1e7c59
· Valid until 17/03/2025 · Source: AlienVault
Vulnerabilities (CVE) (1)
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a …
- Attack vector
- NETWORK
- Published
- 07/01/2026
- Modified
- 09/03/2026
Reports (2)
-
1 CVE 15 MITREs 2 Malwares 4 Observables
-
8 MITREs 1 Malware 2 Observables