May 14

US Federal Government Exposes North Korean Malware

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February.

The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool (RAT) “utilized by advanced persistent threat (APT) cyber actors in the targeting of cryptocurrency exchanges and associated entities.”

This RAT is known for its capacity to help the threat actors perform system reconnaissance, run arbitrary commands on compromised systems, and exfiltrate stolen data.

TAINTEDSCRIBE is a trojan that acts as a full-featured beaconing implant with command modules and is designed to disguise itself as Microsoft’s Narrator.

The trojan “downloads its command execution module from the command and control (C2) server and has the capacity to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration.”

Last but not least, PEBBLEDASH is yet another North Korean trojan acting like a full-featured beaconing implant and used by North Korean-backed hacking groups “to download, upload, delete, and execute files; enable Windows CLI access; create and terminate processes; and perform target system enumeration.”

It’s interesting to see the US federal government take a more aggressive stance on foreign malware. Making samples public, so all of the antivirus companies can add them to their scanning systems, is a big deal, and possibly required some difficult declassification maneuvering.

Me, I like reading through the codenames.

Lots more on the US-CERT website.

About the author 

Agent 86

Maxwell Smart, agent 86, is CONTROL's top spy (except for Bannister) and, later, the Chief of CONTROL.
