Login

Register

Login

Register

#cybersecurity | hacker | Hidden Cobra adds to its malware arsenal: CISA

[ad_1]

The DHS Cybersecurity
and Infrastructure Security Agency (CISA) and the Federal Bureau of
Investigation have released a report on six new or upgraded malware variants
being used by North Korea.

The malware
types included are Bistromath, Slickshoes, Crowdedflounder, Hotcroissant,
Artfulpie, Buffetline and Hoplight. Hoplight is a previously recorded malware
believed to be used by the North Korean cyberespionage group Hidden Cobra. All the new
malware types are also used by Hidden Cobra, according to CISA.

Bistromath,
also used by Hidden Cobra, is basically a full-featured RAT implant executable
and multiple versions of the CAgent11 GUI implant controller/builder. It
performs simple XOR network encoding and can conducting system surveys, file
upload/download, process and command execution, can listen to audio microphone,
view the clipboard and the screen. The GUI controllers allow interaction with
the implant as well as the option to dynamically build new implants with
customized options.

Slickshoes is
a Themida-packed dropper that decodes and drops a file
“C:WindowsWebtaskenc.exe” which is a Themida-packed beaconing
implant. This beacon does not execute the dropped file nor does it schedule any
tasks to run the malware, instead it uses an indigenous network encoding
algorithm to conducting system surveys, file upload/download, process and
command execution and screen captures.

Crowdedflounder
is a Themida-packed 32-bit Windows executable that can unpack and execute a RAT
binary in memory. Other features include the ability to listen as a proxy for
incoming connections containing commands or can connect to a remote server to
receive commands.

Hotcroissant
is another full-featured beaconing implant that performs a custom XOR network
encoding and can conduct system surveys, upload and download files, process and
command execution and perform screen captures.

Artfulpie is
an implant that downloads data and handles in-memory loading and execution of a
DLL from a hardcoded URL.

Buffetline is
the third full featured implant listed. It uses PolarSSL for session
authentication, but switches to a FakeTLS scheme for network encoding using a
modified RC4 algorithm. The malware has the capability to download, upload,
delete, and execute files; enable Windows CLI access; create and terminate
processes; and perform target system enumeration.

[ad_2]

Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW