📃Title: IAmTheKing and the SlothfulMedia malware family
📅Date: 2020-10-15
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: malware-analysis
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer=Kaspersky
- malpedia=“SlothfulMedia”
- target-information=“Malaysia”
- target-information=“Ukraine”
- malpedia=“LaZagne”
- malpedia=“MimiKatz”
- target-information=“Russia”
- region=“143 - Central Asia”
- region=“151 - Eastern Europe”
- sector=“Defense”
- sector=“Government, Administration”
- mitre-attack-pattern=[]
MISP event uuid: a0553f5e-cf74-4193-a83c-ab30e3891287
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq’s MISP