DHS, FBI published a joint alert including technical details of Hidden Cobra-linked ‘Typeframe’ Malware

The US DHS and the FBI have published a new joint report that includes technical details of a piece of malware allegedly used by the Hidden Cobra APT.

A new joint report published by the US DHS and the FBI made the headlines; past documents detailed TTPs associated with North Korea-linked threat groups, tracked by the US government as Hidden Cobra.

The US authorities have published the report to reduce the exposure to the activities of North Korea-linked APT groups.

Hidden Cobra’s arsenal includes Sharpknot, Hardrain, Badcall, Bankshot, Fallchill, Volgmer, and Delta Charlie.

The latest joint report covers a piece of malware dubbed “Typeframe” and a total of 11 samples analyzed by the government experts.

The researchers analyzed several executables and weaponized Word documents containing VBA macros.

“DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant is known as TYPEFRAME. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.” reads the joint report.

“This malware report contains analysis of 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections.”

The security alert includes indicators of compromise (IoCs) for each of the samples analyzed by the experts.

The report includes a description of the functionality for each sample, hashes, IPs, antivirus detections, metadata, and YARA rules.

In May, US authorities published another report on Hidden Cobra detailing the Joanap backdoor trojan and the Brambul worm.

The only certainty is that North Korea continues to be one of the most aggressive and persistent threat actors in cyberspace.

Pierluigi Paganini
