What malware does Kimsuky use?

Kimsuky is known to utilize AppleSeed, PebbleDash in their campaigns.

Where is Kimsuky located?

Kimsuky originates from North Korea and is classified as State-Sponsored.

Legal Disclaimer:

This platform is for authorized security research and educational purposes ONLY. Scanning assets without explicit permission is illegal.

State-Sponsored APT

Advanced Persistent Threat

Kimsuky

Origin: North Korea | Active Since: 2012

// AI Dossier Summary

Kimsuky is a North Korean state-sponsored APT focused primarily on espionage and intelligence gathering targeting South Korean entities and global think tanks.

// Group Fingerprint

Primary Name: Kimsuky
Known Aliases: Velvet Chollima, Thallium, Black Banshee
State Sponsor: State-Sponsored
Motivations: Espionage, Intelligence Gathering
Primary Targets: Government, Think Tanks, Academia
Active Since: 2012

// Tradecraft & Arsenal

Known Malware Arsenal

AppleSeed
PebbleDash

Target Industries

Government
Think Tanks
Academia

MITRE ATT&CK Mapping

T1566Phishing
T1059Command and Scripting Interpreter