Show vulnerabilities with patch / with exploit
17 February 2020

US authorities released new info about North Korean malware


US authorities released new info about North Korean malware

US Cyber Command, the Department of Homeland Security, and the Federal Bureau of Investigations have published six new Malware Analysis Reports (MARs) related to malicious cyber activity from North Korea. The released MARs are related to new malware families involved in new attacks conducted by North Korea-linked HIDDEN COBRA group (aka Lazarus group).

“Each of these MARs is designed to enable network defenders to identify and reduce exposure to North Korean government malicious cyber activity”, CISA says.

CISA urges all users and administrators to carefully review these MARs for each malware variant listed below.

AR20-045A — BISTROMATH (a full-featured RAT implant executable)

AR20–045B — SLICKSHOES (Themida-packed dropper that decodes and drops a file "C:\Windows\Web\taskenc.exe" which is a Themida-packed beaconing implant)

AR20-045C — CROWDEDFLOUNDER (a Themida packed 32-bit Windows executable, which is designed to unpack and execute a Remote Access Trojan (RAT) binary in memory)

AR20-045D — HOTCROISSANT (beaconing implant with variety of functions including the ability to conduct system surveys, upload/download files, execute processes and commands, perform screen captures)

AR20-045E — ARTFULPIE (an implant that performs downloading and in-memory loading and execution of a DLL from a hardcoded URL)

AR20-045F — BUFFETLINE (a full-featured beaconing implant).

The agencies also updated MARs report that includes information about the HOPLIGHT proxy-based backdoor Trojan that was first exposed in April 2019.

US Cyber Command also uploaded malware samples to VirusTotal noting that these tools are currently being used by threat actors for phishing and remote access in order to “steal funds and evade sanctions”.

Back to the list

Latest Posts

Vulnerability summary for the week: March 27, 2020

Vulnerability summary for the week: March 27, 2020

Weekly vulnerability digest.
27 March 2020
Unpatched iOS bug prevents VPN apps from encrypting all traffic

Unpatched iOS bug prevents VPN apps from encrypting all traffic

Affected versions of iOS fail to close existing internet connections when a user connects to a VPN.
27 March 2020
Rare BadUSB attack detected in the wild

Rare BadUSB attack detected in the wild

This case is a perfect example of how simple social engineering, a Best Buy gift card, and an BadUSB device could be used to compromise a company.
27 March 2020