ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > IAmTheKing

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: IAmTheKing

NamesIAmTheKing (Kaspersky)
CountryRussia Russia
MotivationInformation theft and espionage
First seen2018
Description(Kaspersky) On October 1, 2020, the DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context.

In June 2018, we published the first report on a new cluster of activities that we named IAmTheKing, based on malware strings discovered in a malware sample from an unknown family. Amusingly, other strings present inside of it invited “kapasiky antivirus” to “leave [them] alone”.
ObservedSectors: Defense, Education, Energy, Government.
Countries: Malaysia, Russia, Ukraine.
Tools usedJackOfHearts, KingOfHearts, LaZagne, Mimikatz, ProcDump, PsExec, QueenOfClubs, QueenOfHearts.
Information<https://securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/>

Last change to this card: 19 October 2020

Download this actor card in PDF or JSON format

Previous: Hydrochasma
Next: Icefog, Dagger Panda

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]