Kimsuky

MITRE G0144
Also known as Velvet Chollima, APT43, Ruby Sleet, Black Banshee, Sparkling Pisces, Springtail, Cerium
Reports
4
First seen
Nov 6
Last seen
May 29
Motivation
espionage, espionage and geopolitical objectives

Targeting

Sectors
government ×2
Victim regions
South Korea ×2

Top ATT&CK techniques

T1041 Exfiltration Over C2 Channel ×3
T1566 Phishing ×3
T1219 Remote Access Software ×2
T1561 Disk Wipe ×2
T1557 Adversary-in-the-Middle ×2
T1486 Data Encrypted for Impact ×2
T1190 Exploit Public-Facing Application ×2
T1078 Valid Accounts ×1
T1113 Screen Capture ×1
T1543 Create or Modify System Process ×1
T1110 Brute Force ×1
T1021 Remote Services ×1

Indicators

filename ×22
hash_md5 ×19
domain ×17
url ×8
hash_sha1 ×2
registry_key ×1

Indicator values are available on Pro and via the API.

Recent reports

This page shows data on a 7-day delay.