North Korea doesn’t use Soviet 60’s Surplus to Hack

The evening news would have you believe that North Korea is devoid of modern western technology or organisation. Apparently, there was an excellent DVD collection a while back…

Basically, they’re all the new silent service. Gone are the days when an author would just write a virus to destroy a file system in an insidious way. Nah, a silent sleeper agent with a kill or wake switch is a great way to amass a new digital weapon.

  • Hoplight – Trojan malware variants
  • Bistromath – malware descriptions Trojan[Backdoor]/Win32.Androm
  • Slickshoes – Trojan/Win32.Agent
  • Hotcroissant – Trojan malware variants, 94.177.123.138
  • Artfulpie – malware descriptions Trojan.Win32.Heur.098
  • Buffetline – full-featured beaconing implant
  • Crowded Flounder – Themida-packed Remote Access Trojan (RAT)

Picture of North Korean Leader Giving “sick coding” lessons to his cyber arms division

From CISA https://www.us-cert.gov/privacy/notification

North Korean Malicious Cyber Activity

02/14/2020 07:40 AM EST

Original release date: February 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above and the North Korean Malicious Cyber Activity page for more information.