US-CERT issues new warning on North Korea-linked 'KeyMarble' Trojan

  • 14 August 2018

The US Department of Homeland Security has issued a new warning on a North Korean-linked remote access Trojan dubbed KEYMARBLE RAT. In an analysis report published last week, US-CERT assessed the malware is linked to Hidden Cobra, the US government’s term for North Korean state-sponsored hackers.
The KEYMARBLE RAT is a 32-bit Windows executable file that, once executed, “de-obfuscates its application programming interfaces (APIs) and uses port 443 to connect” to a series of hard-coded IP addresses before awaiting additional instructions.
Some of its capabilities include accessing device configuration data, downloading files, executing commands, manipulating the Windows Registry configuration, capturing screenshots and more. It is also capable of harvesting and relaying a trove of information about the victim’s system including OS, CPU, MAC address, computer name, language settings, list and type of disk devices, time elapsed since the system was started and unique identifier of the system as well.
 