Kimsuky

2019-08-26 MITRE

https://attack.mitre.org/groups/G0094/

The MITRE ATT&CK entry catalogs Kimsuky, also tracked as APT43, THALLIUM, Emerald Sleet, and related aliases, with techniques spanning infrastructure acquisition, credential theft, exfiltration, and persistence. The group has registered spoofed domains, used Blogspot and Dropbox for targeting or payload hosting, and leveraged HTTP, FTP, and email for command-and-control or data movement. Documented behaviors include archiving stolen files, RC4 encryption before exfiltration, scheduled exfiltration checks, and abuse of local or domain groups. The page provides a technique-focused reference for defenders mapping Kimsuky activity to ATT&CK detections.

Related Reports

2024-07-19 • 37% Match
#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1082 #T1059.003 #T1090 #T1140 #T1005 #T1070.004 #T1041 #T1113 #T1555 #T1560 #T1071.001 #T1046 #T1112 #T1115 #T1083 #T1497 #T1056.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1071 #T1124 #T1222 #T1552 #T1057 #T1583.003 #T1518.001 #T1547.001 #T1053.005 #T1539 #T1608.005 #T1583.001 #T1059.001 #T1053 #T1552.001 #T1566 #T1059 #T1003 #T1497.001 #T1102.001 #T1574.002 #T1562.001 #T1490 #T1486 #T1129 #T1133 #T1571 #T1548 #T1190 #T1203 #T1564.001 #T1087 #T1562.004 #T1218.011 #T1070.006 #T1547 #T1068 #T1614 #T1573 #T1095 #T1562 #T1070 #T1047 #T1056 #T1176 #T1010 #T1033 #T1569.002 #T1543.003 #T1485 #T1012 #T1202 #T1087.002 #T1021.004 #T1222.001 #T1518 #T1564.003 #T1505.003 #T1069.002 #T1564 #T1595.002 #T1027.005 #T1070.001 #T1056.004 #T1584
Shares tags: Kimsuky, T1082, T1140
2024-09-12 • 36% Match
#Kimsuky #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1005 #T1070.004 #T1587.001 #T1041 #T1608.001 #T1071.001 #T1112 #T1083 #T1056.001 #T1059.006 #T1204.001 #T1059.007 #T1036 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1057 #T1059.005 #T1583.006 #T1518.001 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1598.003 #T1583.001 #T1059.001 #T1036.005 #T1552.001 #T1585.001 #T1105 #T1219 #T1055 #T1553.002 #T1562.001 #T1027.002 #T1133 #T1190 #T1098 #T1016 #T1074.001 #T1588.002 #T1055.012 #T1587 #T1078.003 #T1071.002 #T1562.004 #T1550.002 #T1111 #T1071.003 #T1591 #T1003.001 #T1218.011 #T1593.002 #T1586.002 #T1588.005 #T1583.004 #T1036.004 #T1589.003 #T1594 #T1218.010 #T1557 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1021.001 #T1560.001 #T1176 #T1136.001 #T1543.003 #T1012 #T1534 #T1560.003 #T1007 #T1564.003 #T1114.003 #T1114.002 #T1564.002 #T1040 #T1546.001 #T1505.003
Shares tags: Kimsuky, T1082, T1140
2017-05-31 • 36% Match
#G0032 #T1082 #T1090 #T1140 #T1005 #T1041 #T1560 #T1046 #T1083 #T1497 #T1036 #T1027 #T1567 #T1071 #T1124 #T1204 #T1057 #T1053 #T1566 #T1102 #T1059 #T1001 #T1105 #T1055 #T1620 #T1543 #T1489 #T1078 #T1008 #T1571 #T1218 #T1220 #T1588 #T1203 #T1189 #T1049 #T1574 #T1098 #T1087 #T1593 #T1589 #T1016 #T1587 #T1591 #T1585 #T1583 #T1557 #T1547 #T1614 #T1106 #T1573 #T1048 #T1562 #T1608 #T1070 #T1047 #T1074 #T1134 #T1056 #T1529 #T1010 #T1553 #T1033 #T1485 #T1012 #T1110 #T1534 #T1104 #T1202 #T1221 #T1132 #T1021 #T1561 #T1564 #T1584 #T0865 #T1542 #T1491
Shares tags: T1082, T1140, T1005 • Same author: MITRE
2026-01-13 • 31% Match
#Kimsuky #T1102.002 #T1059.003 #T1567.002 #T1070.004 #T1587.001 #T1041 #T1608.001 #T1071.001 #T1112 #T1056.001 #T1059.006 #T1204.001 #T1059.007 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1059.005 #T1583.006 #T1566.001 #T1585.002 #T1053.005 #T1598.003 #T1583.001 #T1059.001 #T1036.005 #T1566 #T1585.001 #T1656 #T1205 #T1105 #T1055 #T1553.002 #T1620 #T1102.001 #T1027.002 #T1133 #T1190 #T1593 #T1588.002 #T1657 #T1055.012 #T1587 #T1078.003 #T1071.002 #T1562.004 #T1550.002 #T1111 #T1071.003 #T1591 #T1003.001 #T1218.011 #T1585 #T1593.002 #T1598 #T1583 #T1586.002 #T1588.005 #T1583.004 #T1036.004 #T1588.003 #T1589.003 #T1594 #T1218.010 #T1557 #T1219.002 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1596
Shares tags: Kimsuky, T1041, T1112