S0526 KGH_SPY

Description

[KGH_SPY](https://attack.mitre.org/software/S0526) is a modular suite of tools used by [Kimsuky](https://attack.mitre.org/groups/G0094) that provides reconnaissance, information-stealing, and backdoor capabilities. [KGH_SPY](https://attack.mitre.org/software/S0526) derives its name from PDB paths and internal names, found in samples, that contain "KGH". (Citation: Cybereason Kimsuky November 2020)

Platforms

Windows

Attributed to

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | Kimsuky (g0094) | 100% | live |

References

  1. https://attack.mitre.org/software/S0526
  2. https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  - CSPY Downloader (Software)
  - POSHSPY (Software)
  - KOMPROGO (Software)
  - BS2005 (Software)
  - AppleSeed (Software)
  - KONNI (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.