DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity
North Korea (specifically the Lazarus Group) has a long and storied history of destructive cyberattacks. Some of the more notable examples are the 2013 “Dark Seoul” attacks, the 2014 attack on Sony Pictures, a series of SWIFT-targeted campaigns in 2015-2016 and, more recently, their foray into commercial cybercrime operations with Trickbot and Anchor.
On 14 February 2020, US-CERT (CISA) released a new set of MARs (Malware Analysis Reports) covering newly uncovered or updated malware and implants attributed to North Korea, specifically to the Lazarus Group / Hidden Cobra. Taken together, these reports give a sizeable view into the ever-expanding DPRK toolset. As we have seen in the past, the complexity and sophistication of these tools varies widely. Most of the families covered in this update are RATs or Cobalt Strike-like beacon implants, intended to give the operators persistence on, and control over, infected hosts.
BISTROMATH
Full-featured RAT (Remote Access Trojan) payloads and the associated CAgent11 implant builder/controller. This …
IoC
SHA256
04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30
05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461
0608e411348905145a267a9beaf5cd3527f11f95c4afde4c45998f066f418571
084b21bc32ee19af98f85aee8204a148032ce7eabef668481b919195dd62b319
12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d
1a01b8a4c505db70f9e199337ce7f497b3dd42f25ad06487e29385580bca3676
1ea6b3e99bbb67719c56ad07f5a12501855068a4a866f92db8dcdefaffa48a39
2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
32ec329301aa4547b4ef4800159940feb950785f1ab68d85a14d363e0ff2bc11
4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818
52f83cdaefd194fff3d387631d5693a709cd7b3a20a072e7827c4d4218d57695
606c6000f36dc69fefc6df828e1ac9c5529a71a62b99f5df55463606c4c9689c
618a67048d0a9217317c1d1790ad5f6b044eaa58a433bd46ec2fb9f9ff563dc6
70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
738ba44188a93de6b5ca7e0bf0a77f66f677a0dda2b2e9ef4b91b1c8257da790
73dcb7639c1f81d3f7c4931d32787bdf07bd98550888c4b29b1058b2d5a7ca33
83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a
8a1d57ee05d29a730864299376b830a7e127f089e500e148d96d0868b7c5b520
8ee7da59f68c691c9eca1ac70ff03155ed07808c7a66dee49886b51a59e00085
a2a77cefd2faa17e18843d74a8ad155a061a13da9bd548ded6437ef855c14442
b05aae59b3c1d024b19c88448811debef1eada2f51761a5c41e70da3db7615a9
b9a26a569257fbe02c10d3735587f10ee58e4281dba43474dbdef4ace8ea7101
c66ef8652e15b579b409170658c95d35cfd6231c7ce030b172692f911e7dcff8
d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39
ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
f8f7720785f7e75bd6407ac2acd63f90ab6c2907d3619162dc41a8ffa40a5d03
fdb87add07d3459c43cfa88744656f6c00effa6b7ec92cb7c8b911d233aeb4ac
fe43bc385b30796f5e2d94dfa720903c70e66bc91dfdcfb2f3986a1fea3fe8c5
IPv4
107.6.12.135
112.175.92.57
113.114.117.122
117.239.241.2
119.18.230.253
128.200.115.228
137.139.135.151
14.140.116.172
159.100.250.231
181.39.135.126
186.169.2.237
188.165.37.168
193.56.28.103
195.158.234.60
197.211.212.59
21.252.107.198
210.137.6.37
210.202.40.35
217.117.4.110
218.255.24.226
221.138.17.152
26.165.218.44
47.206.4.145
70.224.36.194
81.94.192.10
81.94.192.147
84.49.242.125
94.177.123.138
97.90.44.200
URLs
http://107.6.12.135
http://112.175.92.57
http://113.114.117.122
http://117.239.241.2
http://119.18.230.253
http://128.200.115.228
http://137.139.135.151
http://14.140.116.172
http://159.100.250.231
http://181.39.135.126
http://186.169.2.237
http://188.165.37.168
http://193.56.28.103
http://195.158.234.60
http://197.211.212.59
http://21.252.107.198
http://210.137.6.37
http://210.202.40.35
http://217.117.4.110
http://218.255.24.226
http://221.138.17.152
http://26.165.218.44
http://47.206.4.145
http://70.224.36.194
http://81.94.192.10
http://81.94.192.147
http://84.49.242.125
http://94.177.123.138
http://97.90.44.200
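The indicator list above mixes SHA256 hashes, bare IPv4 addresses and http:// URLs (whose hosts are those same IPs) in one lexically sorted column, which is awkward to feed straight into a hash check or a log search. The following is an added example, not code from the original post or from the MARs, that splits such a list into typed sets and matches them against file contents and connection-log lines. It embeds a handful of indicators copied from the list above; the log lines and their field layout (`src=`, `dst=`, `url=`) are constructed for the example and are not from any real log.

```python
"""Turn a mixed SHA256 / IPv4 / URL indicator list into typed sets and match
them against file contents and constructed connection-log lines."""
import hashlib
import ipaddress
import re
from urllib.parse import urlparse

# A handful of entries copied from the IoC list above; the full list can be
# pasted in unchanged, since the parser does not depend on the ordering.
IOC_TEXT = """
04d70bb249206a006f83db39bbe49ff6e520ea329e5fbb9c758d426b1c8dec30
107.6.12.135
112.175.92.57
12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d
193.56.28.103
http://107.6.12.135
http://193.56.28.103
"""

SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify_iocs(text):
    """Split one-indicator-per-line text into sha256 / ip / url sets.

    Anything that fits none of the three shapes is reported under 'unknown'
    rather than silently dropped, so a typo in the feed stays visible.
    """
    hashes, ips, urls, unknown = set(), set(), set(), []
    for raw in text.splitlines():
        tok = raw.strip()
        if not tok:
            continue
        if SHA256_RE.match(tok):
            hashes.add(tok.lower())
        elif tok.startswith(("http://", "https://")):
            urls.add(tok.rstrip("/"))
            # The URL entries in this list are bare-IP hosts; fold the host into
            # the IP set so a raw connection log matches as well as a proxy log.
            host = urlparse(tok).hostname or ""
            try:
                ips.add(str(ipaddress.ip_address(host)))
            except ValueError:
                pass
        else:
            try:
                ips.add(str(ipaddress.ip_address(tok)))
            except ValueError:
                unknown.append(tok)
    return {"sha256": hashes, "ip": ips, "url": urls, "unknown": unknown}


def file_hash_hit(data, iocs):
    """Return the SHA256 of `data` if it is in the hash set, else None."""
    digest = hashlib.sha256(data).hexdigest()
    return digest if digest in iocs["sha256"] else None


def scan_log(log_text, iocs):
    """Report (line number, ip) for every IPv4 in the log that is an IoC.

    Matching on the IP rather than the full URL string catches both proxy logs
    (where the IoC host is followed by a path) and raw firewall/netflow logs.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for ip in sorted(set(IPV4_RE.findall(line))):
            if ip in iocs["ip"]:
                hits.append((lineno, ip))
    return hits


# Constructed sample log lines (hypothetical format, not from the report):
# line 2 is a direct connection to a listed IP, line 3 a proxied request to
# a listed URL host with a path appended.
SAMPLE_LOG = """\
2020-02-14T10:01:02Z src=10.0.0.5 dst=93.184.216.34 dport=443 action=allow
2020-02-14T10:01:09Z src=10.0.0.7 dst=193.56.28.103 dport=80 action=allow
2020-02-14T10:02:11Z src=10.0.0.5 url=http://107.6.12.135/index.php action=allow
2020-02-14T10:03:40Z src=10.0.0.9 dst=8.8.8.8 dport=53 action=allow
"""

if __name__ == "__main__":
    iocs = classify_iocs(IOC_TEXT)
    print({k: len(v) for k, v in iocs.items()})
    print(scan_log(SAMPLE_LOG, iocs))
    print(file_hash_hit(b"constructed benign sample", iocs))
```

Folding the URL hosts into the IP set is deliberate: the beacon traffic these implants generate will show up in firewall or NetFlow data as a bare destination address long before a proxy ever records a full URL, and matching on the address catches both.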