USCYBERCOM Shares More North Korean Malware Samples

The U.S. Cyber Command (USCYBERCOM) has uploaded new malware samples to VirusTotal, all of which the Command has attributed to the North Korea-linked threat group Lazarus.


The samples were added to the scanning engine as part of a project that USCYBERCOM’s Cyber National Mission Force (CNMF) kicked off in November 2018. Previously released malicious files have been attributed to state-sponsored hacking groups operating out of North Korea, Russia, and Iran.


In September 2019, 11 malware samples that were shared to the popular malware scanning engine were attributed to Lazarus, a cluster of activity that the U.S. government refers to as “Hidden Cobra.”


USCYBERCOM has now added 6 new samples linked to the same government-backed hacking group. Two of the new samples appear to have been created in the summer of 2019, two in February 2018, one in September 2017, and one in October 2016. 


The malware, USCYBERCOM says, is currently used for phishing and remote access, to facilitate the hacking group’s illegal activities, steal funds, and evade sanctions.


Given that some of these samples are rather old, they are already broadly detected by the anti-malware engines in VirusTotal. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published Malware Analysis Reports for each of these samples.


Called ARTFULPIE, the first piece of malware is an implant designed to fetch a DLL from a hardcoded URL, load it in-me ..