Simplesea

Malware updated 23 days ago (2024-11-29T14:06:53.058Z)
Download STIX
Preview STIX
Simplesea, a harmful malware program, is attributed to the North Korea-linked threat actor known as Gleaming Pisces or Citrine Sleet. This malicious software is designed to exploit and damage computer systems, potentially leading to theft of personal information, disruption of operations, or even holding data hostage for ransom. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. The campaign involving Simplesea was previously associated with the distribution of the macOS remote administration tool POOLRAT. POOLRAT, also known as SIMPLESEA, is a C/C++ macOS implant capable of collecting basic system information and executing arbitrary commands. This includes carrying out file operations, which can be detrimental to the affected system. The malware was identified by a threat intelligence firm and linked back to Gleaming Pisces, reaffirming the group's ongoing cyber threats. Recent investigations have uncovered the existence of a Linux backdoor that likely corresponds to the SIMPLESEA macOS malware seen in the 3CX incident. This discovery indicates an expansion of the threat actor's capabilities, demonstrating their ability to target different operating systems and further broadening the potential impact of their activities. The continued evolution and sophistication of these threats highlight the importance of robust cybersecurity measures.
Description last updated: 2024-09-23T16:16:10.650Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Poolrat is a possible alias for Simplesea. POOLRAT is a malicious software (malware) first reported by the Cybersecurity and Infrastructure Security Agency (CISA) in 2021. It primarily targets macOS and Linux systems, functioning as a backdoor to gain unauthorized access. The malware was initially identified as a file named 'prtspool', suspe
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Macos
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Simplesea Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more