IOC pivot · ioc · sha-256
927b3564c1cf884d2a05e1d7bd24362ce8563a1e9b85be776190ab7f8af192f6
KP · DPRK · BlueNoroff · confidence: high
SHA-256 of the KANDYKORN macOS backdoor staged via SUGARLOADER in the Elastic-tracked REF7001 intrusion against a cryptocurrency exchange. Capabilities include arbitrary command execution, file upload/download, directory listing, and secure deletion.
- family: KANDYKORN
- first seen: Oct 31, 2023
- publisher: Elastic Security Labs