This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Glupteba malware is back in action after Google disruption
December 17, 2022
The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago. In December 2021, Google managed to cause a massive disruption to the blockchain-enabled botnet, securing the court orders to take control of the botnet’s infrastructure and filing complaints against two Russian operators. Nozomi now ...
- Australia: Fire Rescue Victoria confirms cyber attack from ‘external third party’ as outage continues
December 16, 2022
Fire Rescue Victoria has confirmed it has been the victim of a cyber attack as it continues to deal with a widespread IT outage. FRV revealed on Thursday it was having to alert firefighters to emergencies by mobile phone and radio because of an outage affecting its computer dispatch system. The service said preliminary investigations had ...
- Agenda Ransomware Uses Rust to Target More Vital Industries
December 16, 2022
This year, ransomware-as-a-service (RaaS) groups like BlackCat, Hive, and RansomExx have developed versions of their ransomware in Rust, a cross-platform language that makes it easier to tailor malware to different operating systems like Windows and Linux. In this blog entry, Trend Micro shed light on Agenda (also known as Qilin), another ransomware group that has ...
- FBI: Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients
December 15, 2022
The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are releasing this joint Cybersecurity Advisory (CSA) to advise the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food ...
- Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs
December 15, 2022
An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure and medical researchers – according to email security vendor Proofpoint. Over the past two years, the threat actor group that ...
- Ransomware Business Models: Future Pivots and Trends
December 15, 2022
As modern ransomware attacks became one of the most dangerous cybersecurity incidents that can happen to organizations in recent years, we explored its current state and the possible directions that ransomware groups can take it. Noting that there are other cybercriminal business models where more illicit money can be made, and the changing geopolitical and ...