The US DHS and the FBI have published a new joint report that includes technical details of a piece of malware allegedly used by the Hidden Cobra APT.
A new joint report published by US DHS and FBI made the headlines, past document details TTPs associated with North Korea-linked threat groups, tracked by the US government as Hidden Cobra.
The US authorities have published the report to reduce the exposure to the activities of North Korea-linked APT groups.
Hidden Cobra’s arsenal includes Sharpknot, Hardrain, Badcall, Bankshot, Fallchil, Volgmer, and Delta Charlie.
The latest joint report includes a piece of malware dubbed “Typeframe” and it covers a total of 11 samples analyzed by the government experts.
The researchers analyzed several executables and weaponize Word documents containing VBA macros.
“DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant is known as TYPEFRAME. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.” reads the joint report.
“This malware report contains analysisof 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. These files have the capability to download and install malware, install proxyand Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections.”
The security alert includes indicators of compromise (IoCs) for each of the sample analyzed by the experts.
The report includes a description of the functionality for each sample, hashes, IPs, antivirus detections, metadata, and YARA rules.
In May, US authorities published another reporton the Hidden Cobra detailing the Joanap backdoor trojan and the Brambul worm.
The unique certainly is that North Korea continues to be one of the most aggressive and persistent threat actors in the cyberspace.