Names | KANDYKORN
Category | Malware
Type | Backdoor, Exfiltration
Description | (Elastic) KANDYKORN is the final stage of this execution chain and possesses a full-featured set of capabilities to access and exfiltrate data from the victim’s computer. Elastic Security Labs was able to retrieve this payload from one C2 server which hadn’t been deactivated yet.
Information | <https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn>
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/osx.kandykorn>
Last change to this tool card: 17 January 2024
APT groups
Changed | Name | Country | Observed
 | Lazarus Group, Hidden Cobra, Labyrinth Chollima |  | 2007-Sep 2024
1 group listed (1 APT, 0 other, 0 unknown)