
Monday, 06/18/2018 8:25:20 PM

DHS, FBI Share Details of North Korea's 'Typeframe' Malware

This could be where Wave Endpoint Monitor really sets itself apart from the other antivirus and anti-malware products. The other products need to first identify the signature of the malware. Wave's WEM product uses a whitelist approach rather than a blacklist approach, which in this case could be more effective, imo.

https://www.securityweek.com/dhs-fbi-share-details-north-koreas-typeframe-malware

The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have published another report on the US-CERT website detailing a piece of malware allegedly used by the North Korean government.

A dozen reports have been published by the DHS and the FBI over the past year on the North Korea-linked threat group tracked by the U.S. government as Hidden Cobra. The list of tools detailed by the agencies includes Sharpknot, Hardrain, Badcall, Bankshot, Fallchill, Volgmer, and Delta Charlie.

The latest report describes a piece of malware dubbed “Typeframe” and it covers a total of 11 samples related to the threat, including executable files and malicious Word documents containing VBA macros.

“These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections,” the agencies said.

The alert contains indicators of compromise (IoCs) for each of the files, including a description of their functionality, hashes, IPs, antivirus detections, metadata, and YARA rules.

The goal of the report is to “enable network defense and reduce exposure to North Korean government malicious cyber activity.” However, security experts argued in the past that these types of alerts from government agencies are actually not enough to help improve defenses.

The previous Hidden Cobra report, published on the US-CERT website in late May, attributed the Joanap backdoor trojan and the Brambul worm to the North Korean government.

While it has always denied accusations, experts say North Korea continues to be highly active in cyberspace, with some claiming that the country is even more aggressive than China. Recent attacks attributed to North Korea involved new malware and even zero-day vulnerabilities.

