The DHS Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation have released a report on six new or upgraded malware variants being used by North Korea.

The malware types included are Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, Buffetline and Hoplight. Hoplight is a previously recorded malware believed to be used by the North Korean cyberespionage group Hidden Cobra. All the new malware types are also used by Hidden Cobra, according to CISA.

Bistromath, also used by Hidden Cobra, is basically a full-featured RAT implant executable and multiple versions of the CAgent11 GUI implant controller/builder. It performs simple XOR network encoding and can conducting system surveys, file upload/download, process and command execution, can listen to audio microphone, view the clipboard and the screen. The GUI controllers allow interaction with the implant as well as the option to dynamically build new implants with customized options.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.