ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool KGH_SPY

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: KGH_SPY

NamesKGH_SPY
KGH Spyware Suite
CategoryMalware
TypeBackdoor, Info stealer, Keylogger
Description(Cybereason) During our analysis, Cybereason Nocturnus discovered a new malware suite dubbed “KGH” which contains several modules used as spyware. The name “KGH” is derived from the PDB path and internal names found in the malware samples.
A possible link to North Korean attacks referencing the name “KGH” was mentioned in 2017 in a research by Ahnlab, however it is unclear whether it is related to the same malware authors.
Information<https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite>
MITRE ATT&CK<https://attack.mitre.org/software/S0526/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.kgh_spy>

Last change to this tool card: 30 December 2022

Download this tool card in JSON format

All groups using tool KGH_SPY

ChangedNameCountryObserved

APT groups

 Kimsuky, Velvet ChollimaNorth Korea2012-Sep 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]