APT trends report Q1 2024
2024-05-09 • Kaspersky
Kaspersky's Q1 2024 APT roundup includes a Kimsuky operation that abused legitimate software used only in South Korea as the initial infection vector. The legitimate program connected to an attacker-controlled server and retrieved first-stage malware, which installed a loader as a Windows service for persistence. The final payload was a previously unknown Golang backdoor named Durian, capable of executing commands, downloading additional files, and exfiltrating files. The operators also deployed AppleSeed, an HTTP backdoor commonly associated with Kimsuky, to help maintain access to victims.
#Trend
#Andariel
#Kimsuky
#MoonstoneSleet
#Lazarus
#T1082
#T1059.003
#T1090
#T1140
#T1005
#T1070.004
#T1041
#T1113
#T1555
#T1560
#T1071.001
#T1046
#T1112
#T1115
#T1083
#T1497
#T1056.001
#T1036
#T1027
#T1204.002
#T1566.002
#T1555.003
#T1071
#T1124
#T1222
#T1552
#T1057
#T1583.003
#T1518.001
#T1547.001
#T1053.005
#T1539
#T1608.005
#T1583.001
#T1059.001
#T1053
#T1552.001
#T1566
#T1059
#T1003
#T1497.001
#T1102.001
#T1574.002
#T1562.001
#T1490
#T1486
#T1129
#T1133
#T1571
#T1548
#T1190
#T1203
#T1564.001
#T1087
#T1562.004
#T1218.011
#T1070.006
#T1547
#T1068
#T1614
#T1573
#T1095
#T1562
#T1070
#T1047
#T1056
#T1176
#T1010
#T1033
#T1569.002
#T1543.003
#T1485
#T1012
#T1202
#T1087.002
#T1021.004
#T1222.001
#T1518
#T1564.003
#T1505.003
#T1069.002
#T1564
#T1595.002
#T1027.005
#T1070.001
#T1056.004
#T1584