This is the analysis report of a sample tied to a campaign conducted against the South Korean Unification Ministry – 1 January 2019. We have identified that the malware possesses information collection capabilities. We also suspect that it possesses remote command execution capabilities. It employs anti-analysis techniques. Considering this information, we are confident that the implant functions as spyware. Although it has several distinctive features, the tradecraft of this implant is similar to that of “Operation Kimsuky”.
You can download the report here