This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Surge in DDoS attacks targeting education and academic sector
September 15, 2020
As education institutions across the world moved to online learning, cyber threat disruptions have amplified more than ever. Malware, vulnerability exploits, distributed denial-of-service (DDoS), phishing attacks have all struck this sector, increasing in frequency over the past two months. As schools in the U.S. restarted in remote learning mode, cybersecurity companies noticed a surge in DDoS ...
- Windows 10 ‘Finger’ command can be abused to download or steal files
September 15, 2020
The list of native executables in Windows that can download or run malicious code keeps growing as another one has been reported recently. These are known as living-off-the-land binaries (LoLBins) and can help attackers bypass security controls to fetch malware without triggering a security alert on the system. The latest addition is finger.exe, a command that ships ...
- MITRE releases emulation plan for FIN6 hacking group, more to follow
September 15, 2020
MITRE and cyber-security industry partners have launched a new project that promises to offer free emulation plans that mimic today’s biggest hacking groups in order to help train security teams to defend their networks. Named the Adversary Emulation Library, the project is the work of the MITRE Engenuity’s Center for Threat-Informed Defense. The project, hosted on GitHub, ...
- Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
September 15, 2020
Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs). The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The ...
- QR Codes Serve Up a Menu of Security Concerns
September 15, 2020
Quick Response (QR) codes are booming in popularity and hackers are flocking to exploit the trend. Worse, according to a new study, people are mostly ignorant to how QR codes can be easily abused to launch digital attacks. The reason QR code use is skyrocketing is tied to more brick-and-mortar businesses are forgoing paper brochures, menus ...
- A Blind Spot in ICS Security: The Protocol Gateway [Part 2] Vulnerability Allowing Stealth Attacks on Industrial Control Systems
September 14, 2020
A protocol gateway is a small network device, also called a protocol converter” or “IoT gateway.” It is similar to an “interpreter” in the digital word, and acts as a communications intermediary between different protocols. As the integration of networks accelerates with IoT, protocol conversion grows increasingly important. However, the security of protocol gateways has not ...