Distribution of PebbleDash Malware in March 2025
PebbleDash is a backdoor that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) attributed in 2020 to the Lazarus group (Hidden Cobra). Although it was regarded as Lazarus tooling at the time, recent cases show PebbleDash being distributed by the Kimsuky group, which targets individuals, rather than by Lazarus. This report covers the latest PebbleDash distribution process used by the Kimsuky group, along with the other malware and additional modules identified alongside PebbleDash.
As noted in several earlier TI reports, the Kimsuky group is known to deploy the open-source RDP Wrapper together with PebbleDash to obtain remote control. In numerous recent cases, however, the threat actors instead patched termsrv.dll directly, the DLL that implements the Terminal Services (Remote Desktop) service, to enable the same remote access.
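To give defenders a concrete place to start, the following PowerShell function is an added example (not from the ASEC report and not part of any tool it mentions) that spot-checks a Windows host for the two remote-control techniques described above: a termsrv.dll patched in place, and an RDP Wrapper redirection of the Terminal Services host. It assumes the public RDP Wrapper project's default DLL name (rdpwrap.dll) and that the wrapper works by repointing the TermService service's ServiceDll registry value; both are assumptions drawn from the open-source project, not details taken from the report.

```powershell
# Added example, not from the ASEC report: spot-check a Windows host for the
# two remote-control tricks described above (patched termsrv.dll, RDP Wrapper).
# Assumptions (not from the report): RDP Wrapper's default DLL is rdpwrap.dll,
# and it redirects the TermService ServiceDll registry value to that DLL.

function Test-TerminalServiceIntegrity {
    [CmdletBinding()]
    param(
        # Optional SHA256 of a known-good termsrv.dll taken from a reference
        # host on the same Windows build; supply it if you keep such a baseline.
        [string]$BaselineSha256
    )

    $termsrv   = Join-Path $env:SystemRoot 'System32\termsrv.dll'
    $svcParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService\Parameters'

    # 1. Signature and hash of the on-disk termsrv.dll. A binary patched in
    #    place normally fails signature verification (HashMismatch) even
    #    though it still loads and runs.
    $sig  = Get-AuthenticodeSignature -FilePath $termsrv
    $hash = (Get-FileHash -Path $termsrv -Algorithm SHA256).Hash
    $file = Get-Item -Path $termsrv

    # 2. Which DLL the Terminal Services host actually loads. Windows points
    #    this at termsrv.dll; RDP Wrapper repoints it at its own DLL.
    $serviceDll    = (Get-ItemProperty -Path $svcParams -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    $expandedDll   = [Environment]::ExpandEnvironmentVariables("$serviceDll")
    $dllRedirected = $expandedDll -and ($expandedDll -notlike '*\System32\termsrv.dll')

    # 3. Any rdpwrap.dll sitting in the usual install locations.
    $wrapperHits = Get-ChildItem -Path "$env:ProgramFiles\RDP Wrapper", "$env:SystemRoot\System32" `
        -Filter 'rdpwrap.dll' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName

    $findings = @()
    if ($sig.Status -ne 'Valid') {
        $findings += "termsrv.dll signature status is $($sig.Status)"
    }
    if ($BaselineSha256 -and $hash -ne $BaselineSha256.ToUpper()) {
        $findings += 'termsrv.dll SHA256 differs from the supplied baseline'
    }
    if ($dllRedirected) {
        $findings += "TermService ServiceDll points at $expandedDll"
    }
    if ($wrapperHits) {
        $findings += "rdpwrap.dll present: $($wrapperHits -join ', ')"
    }

    [PSCustomObject]@{
        TermsrvPath     = $termsrv
        SignatureStatus = $sig.Status
        SignatureType   = $sig.SignatureType   # Windows system DLLs are usually catalog-signed
        Signer          = $sig.SignerCertificate.Subject
        Sha256          = $hash
        LastWriteUtc    = $file.LastWriteTimeUtc
        ServiceDll      = $expandedDll
        RdpWrapperFiles = $wrapperHits
        Suspicious      = $findings.Count -gt 0
        Findings        = $findings
    }
}

# Usage (run from an elevated PowerShell session):
Test-TerminalServiceIntegrity | Format-List
```

Treat a non-Valid signature status or a redirected ServiceDll as a lead rather than a verdict: compare the reported SHA256 and LastWriteUtc against a clean host on the same build (a recent Windows servicing update also rewrites termsrv.dll), and confirm any rdpwrap.dll hit against change records before escalating.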
The …
IoC
70d92e2b00ec6702e17e266b7742bbab
641593eea5f235e27d7cff27d5b7ca2a