TODDLERSHARK

Description

(Kroll) The Kroll CTI team observed a campaign using a new malware that appears to be very similar to BabyShark, previously reported to have been developed and used by the APT group Kimsuky (KTA082).

The malware was deployed as part of an attempted compromise that was detected and stopped by the Kroll Responder team. The activity started with exploitation of a recently addressed authentication bypass in the remote desktop software ScreenConnect, developed by ConnectWise.

Names

Name
TODDLERSHARK

Type

Reconnaissance
Backdoor
Info stealer

Information

https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark

Other Information

Uuid

180ed79d-7d0b-4091-b59e-37e4aa595d0f

Last Card Change

2024-03-10

Threat Intelligence Garden

Explorer

TODDLERSHARK

TODDLERSHARK

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks