KGH_SPY (c1e1ab6a-d5ce-4520-98c5-c6df41005fd9)

KGH_SPY is a modular suite of tools used by Kimsuky for reconnaissance, information stealing, and backdoor capabilities. KGH_SPY derived its name from PDB paths and internal names found in samples containing "KGH".^{[Cybereason Kimsuky November 2020]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
KGH_SPY (c1e1ab6a-d5ce-4520-98c5-c6df41005fd9)	Tidal Software	Kimsuky (37f317d8-02f0-43d4-8a7d-7a65ce8aadf1)	Tidal Groups	1