In recent months, North Korea-based threat actors have been ramping up attack campaigns to achieve a range of objectives, from financial gain to espionage. The North Korean cluster of attack groups is peculiar in that there is considerable overlap among its members, so attributing a specific campaign to a specific threat actor is not always straightforward. The campaign the authors present in this paper is no exception: a new, multi-layered attack campaign, initially discovered in late May, that ultimately delivers a seemingly new and previously undocumented backdoor. The activity appears tied to Kimsuky and specifically targets aerospace and defense companies.
573fc7fdbda6861d3fb9546724f878e3b7a854cf874afba540f9e7fb1d853834
This is a toolset designed to help analyze, hunt for, and classify malware using .NET metadata. The linked home page provides an overview of its use and purpose.
e2e99b42631e64db1283ccae1c91b162aa9eff70b8618d583e3f3a47272524f4
This is a tool written to disable Intel Active Management Technology (AMT) on Windows.
43d281d3af482c3a29092988f5f489c291d5212710372376d4c2e150a542d75b
This document is meant to be a general-purpose cybercrime report template for victims.
d2a757ec4ee74be20c8708dcd4bc1be434315415d4d907969ebf5e328eb1d4b7
This is a collection of PHP backdoors to be used for testing purposes.
997ab3e72c4fbfbfe776d677c590bd7dc9957932824d7df93b620c71def18bec