Overview

The Kimsuky group’s activities in February 2023 were very significant in comparison to their activities in January. Many new types were discovered, including a variant of FlowerPower which stole information stored in browsers via the GitHub API, a DLL version of xRAT, and a new type of RAT called TutRAT.

The number of Fully Qualified Domain Names (FQDNs) tripled compared to the previous month, most of which were FlowerPower, Random Query, and AppleSeed types. There was also an actual …

api appleseed attack browsers called dll domain domain names february flowerpower github github api information january kimsuky malware analysis names query random rat report targeting threat trend types university version xrat