Typeframe Malware Via North Korea Hacking Group Known As Hidden Cobra
The US Department of Homeland Security said that it has identified malicious cyber activity by the North Korean government, according to a new report released on Thursday, just days after the historic summit between President Donald Trump and North Korean dictator Kim Jong Un.
The malware variant is known as TYPEFRAME, according to the report by the DHS Computer Emergency Readiness Team, which notes that “the US Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA”.
The malware samples that have been checked so far consist of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections.
More info: https://www.us-cert.gov/ncas/analysis-reports/AR18-165A
C&C IPs And Hosts To Block

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.