Appearance of Kimsuky group's new backdoor (HappyDoor)
Essential information
- Published: 01/07/2024 10:37
- Modified: 01/07/2024 11:15
- Tags: 2024-07-01, appleseed, backdoor, cyber espionage, happydoor, information-stealing, kimsuky, north korea
- Related entities: 16 observables, 1 intrusion sets (apt), 7 techniques (mitre), 2 malware, 2 others
Description
ASEC AhnLab analyzes a new backdoor called HappyDoor, used by the North Korean hacking group Kimsuky in recent email attacks. The malware has evolved over time and includes information-stealing and remote-access capabilities. It communicates with its command and control servers using encrypted HTTP packets. The report provides technical details on the malware's registry configuration, its packet structure, and its main capabilities, such as screenshot capture, keylogging, and command execution.