ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool KGH_SPY

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: KGH_SPY

NamesKGH_SPY
KGH Spyware Suite
CategoryMalware
TypeBackdoor, Info stealer, Keylogger
Description(Cybereason) During our analysis, Cybereason Nocturnus discovered a new malware suite dubbed “KGH” which contains several modules used as spyware. The name “KGH” is derived from the PDB path and internal names found in the malware samples.
A possible link to North Korean attacks referencing the name “KGH” was mentioned in 2017 in a research by Ahnlab, however it is unclear whether it is related to the same malware authors.
Information<https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.kgh_spy>

Last change to this tool card: 23 April 2021

Download this tool card in JSON format

All groups using tool KGH_SPY

ChangedNameCountryObserved

APT groups

 Kimsuky, Velvet ChollimaNorth Korea2012-May 2021X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key