Tinynuke

Malware Profile Updated 3 months ago
TinyNuke is a type of malware, specifically a banking Trojan, used to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. TinyNuke is one of a variety of malicious tools employed by threat actors to commandeer compromised servers.

The South Korea-based cybersecurity company AhnLab reported on a series of attacks by the North Korean threat actor Kimsuky, which involved an array of malware including backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke. The group has expanded its post-compromise malware arsenal: it uses RevClient, through which its command-and-control (C2) server sends commands to add user accounts to a victim's system, and TinyNuke, the public malware. In addition to these attacks, ASEC attributed a new set of spear-phishing attacks to the threat actor known as Kimsuky (aka APT43); these attacks use the BabyShark malware to install a variety of remote desktop tools and VNC software, including TightVNC and TinyNuke. These tools allow the group to take over victim systems and exfiltrate information. This indicates a further evolution of North Korea's offensive programs, with nation-state actors leveraging spear-phishing attacks to deliver a mix of backdoors and tools like AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
AppleSeed | 1 | Appleseed is a sophisticated malware, believed to be affiliated with North Korean nation-state actors, that has been used in various cyber attacks. The malware uses a two-layer command structure to communicate with its command and control server, making it particularly effective at seizing control o
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Trojan
Phishing
Associated Malware
ID | Type | Votes | Profile Description
BabyShark | Unspecified | 1 | BabyShark is a malicious software (malware) that has been linked to the North Korean Advanced Persistent Threat (APT) group known as Kimsuky, also referred to as Thallium and Velvet Chollima. This malware, written in Microsoft Visual Basic script, was first identified in November 2018 and was used p
Associated Threat Actors
ID | Type | Votes | Profile Description
Kimsuky | Unspecified | 1 | Kimsuky is a North Korea-linked advanced persistent threat (APT) group that conducts global cyber-attacks to gather intelligence for the North Korean government. The group has been identified as a significant threat actor, executing actions with malicious intent, and has recently targeted victims vi
Apt43 | Unspecified | 1 | APT43, also known as Kimsuky, is a North Korean state-sponsored advanced persistent threat (APT) group that has been actively involved in cybercrime and espionage. The group has been implicated in a series of attacks exploiting vulnerabilities, which have drawn the attention of various cybersecurity
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Tinynuke Malware was read from the documents corpus below.
Source | Created At | Title
DARKReading | 9 months ago | North Korea's Kimsuky Doubles Down on Remote Desktop Control
CERT-EU | 9 months ago | Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
CERT-EU | 7 months ago | Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks – GIXtools
CERT-EU | 7 months ago | Cyber Security Week In Review: December 29, 2023