The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as TYPEFRAME—used by the North Korean government, and have published a Malware Analysis Report (MAR) to enable network defense and reduce exposure to North Korean government malicious cyber activity.
The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
The MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions, and recommended mitigation techniques.
The report contains analysis of 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros.
These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim’s firewall to allow incoming connections.
Users and administrators are encouraged to flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.