DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity

2020-02-25 SentinelOne

https://labs.sentinelone.com/dprk-hidden-cobra-update-north-korean-malicious-cyber-activity/


The report reviews a set of US-CERT Malware Analysis Reports covering newly identified or updated North Korean implants attributed to Lazarus Group and HIDDEN COBRA. It summarizes tools such as SLICKSHOES and HOTCROISSANT as RAT or beacon-style implants used for persistence, system manipulation, and remote control. Capabilities discussed across the toolset include file and process manipulation, upload and exfiltration, timestamp modification, command-shell access, screenshot capture, and microphone access. The source is valuable as a consolidated overview of DPRK-linked malware families and their defensive implications.

Indicators of Compromise

