IAmTheKing APT

Multiple malware families have been attributed to the IAmTheKing APT group, including KingOfHearts, QueenOfHearts, QueenOfClubs, and JackOfHearts. The malicious software targets various entities, with a focus on organizations in Russia. The malware captures screenshots, uploads and downloads files, dumps credentials, and exfiltrates stolen information. The threat actor uses various tools, including ProcDump, PsExec, LaZagne, and Mimikatz.
