DPRK Malware Modularity: Diversity and Functional Specialization

2026-04-03 Domaintools

https://dti.domaintools.com/research/dprk-malware-modularity-diversity-and-functional-specialization

Thumbnail for DPRK Malware Modularity: Diversity and Functional Specialization

North Korea’s malware ecosystem is presented as a deliberately compartmentalized portfolio built for mission specialization, resilience, and attribution ambiguity. The espionage track, associated in the text with Kimsuky, emphasizes low-noise access, credential collection, mailbox surveillance, document theft, script-heavy loaders, memory-resident backdoors, and abuse of trusted cloud services for command-and-control or staging. The financial track, associated with Lazarus Group, prioritizes rapid monetization against cryptocurrency exchanges, blockchain developers, DeFi platforms, and software supply chains using wallet stealers, browser injectors, clipboard hijacking, compromised packages, and trojanized updates. The report frames this diversity as an adaptation to sanctions, public exposure, takedowns, and stronger defenses, allowing DPRK operators to burn and replace tooling without collapsing the broader program.

Indicators of Compromise

Type Value First Seen Last Seen
HASH f749c7e84809ffc3939eaed06ad90e1… 2026-01-29 2026-04-03
HASH fc885b323172106ab6f2f0cc77b6099… 2026-01-29 2026-04-03
HASH 666c50b8b772101b0e2e35ff1de52a2… 2026-01-29 2026-04-03
HASH 512877c98fd83cd51bb287da4462b44… 2026-01-29 2026-04-03
HASH 73edc54abb3d6b8df6bd1e4a77c3733… 2026-01-29 2026-04-03
HASH d0cf9c1f87eac9b8879684a041dd6a2… 2026-01-29 2026-04-03
HASH 453d8bd3e2069bc50703eb4c5d278aa… 2026-01-29 2026-04-03
HASH ceccb2339088fa2d6337082704bbf67… 2026-01-29 2026-04-03
HASH a795964bc2be442f142f5aea9886ddf… 2026-01-29 2026-04-03
HASH d2359630e84f59984ac7ddebdece931… 2026-01-29 2026-04-03
HASH 2110a6e89d98a626f846ec8deccbac0… 2026-01-29 2026-04-03
HASH 2ef212f433b722b734d80b41a2364a4… 2026-01-29 2026-04-03
HASH 357c9daf6c4343286a9a85a27bc25de… 2026-01-29 2026-04-03
HASH 56e51244e258c39293463c8cf02f5dd… 2026-01-29 2026-04-03
HASH b6995c31a7ee88392fc25fd6d1a3a79… 2026-01-29 2026-04-03
HASH d2e743216d17e97c8d1913d376d4609… 2026-01-29 2026-04-03
HASH b9f6a9d4f837f5b8a5dc9987a91ba44… 2026-01-29 2026-04-03
HASH 1579347265f948f9646931335d57e79… 2026-01-29 2026-04-03
HASH f9586fdf4e0a65b17ee32bc3c3f493a… 2026-01-29 2026-04-03
HASH fde50c3a373ebc2661e08c99c1cb50d… 2026-01-29 2026-04-03
HASH 7dee2bd4e317d12c9a2923d05315268… 2026-01-29 2026-04-03
HASH e0aa5ef3af26681a8c8b46d95656580… 2026-01-29 2026-04-03
HASH 0518a163b90e7246a349440164d02d1… 2026-01-29 2026-04-03
HASH ff32bc1c756d560d8a9815db458f438… 2025-09-01 2026-04-03
HASH 58f2972c6a8fc743543f7b8c4df085c… 2024-12-23 2026-04-03
HASH 081804b491c70bfa63ecdbe9fd4618d… 2024-09-09 2026-04-03
HASH cbd1634cf7c638f2faf5e3ec79137db… 2024-09-02 2026-04-03
HASH fe948451df90df80c8028b969bf89ec… 2022-12-01 2026-04-03
HASH 9ba02f8a985ec1a99ab7b78fa678f26… 2022-04-18 2026-04-03
HASH dced1acbbe11db2b9e7ae44a617f3c1… 2022-04-18 2026-04-03
HASH a61ecbe8a5372c85dcf5d077487f09d… 2020-07-27 2026-04-03
HASH 05feed9762bc46b47a7dc5c469add9f… 2020-02-25 2026-04-03
HASH 4fe3c853ab237005f7d62324535dd64… 2017-02-12 2026-04-03

Related Actors

First seen: Jul 2017
Last seen: May 2026

Related Reports

« Back