Malware
BabyShark
First seen: 2018-11 • Status: active
Currently Active Threat
BabyShark is a North Korean tool that scouts out computers before the main attack begins.
Overview
BabyShark is a reconnaissance backdoor used by Kimsuky. It gathers system information before deploying additional payloads.
How It Spreads
- • Spear-phishing
What It Does
- • Reconnaissance
- • System profiling
- • Payload delivery
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for Kimsuky reconnaissance
MITRE ATT&CK Techniques
T1082, T1105
If You're Infected
- 1.
Assume additional malware present
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required