KimJongRAT

Description

(Palo Alto) As the original filename “cow_pass.fig” suggests, KimJongRAT seems to be wholly used as a password extraction and information stealer tool by the threat actor, and the collected data are exfiltrated to C2 with support from other malware such as BabyShark or Gh0st RAT. The information that the KimJongRAT malware steals from victim machines includes email credentials from Microsoft Outlook and Mozilla Thunderbird, and login credentials for Google, Facebook, and Yahoo accounts from the browsers Internet Explorer, Chrome, Mozilla Firefox, and Yandex Browser.

Names

Name
KimJongRAT

Category

Malware

Type

  • Backdoor
  • Info stealer
  • Credential stealer
  • Exfiltration

Information

Malpedia

AlienVault OTX

Other Information

UUID

1981c06c-cc55-4efe-99e1-ac799d04d3b6

Last Card Change

2021-04-24