DHS and FBI Release Report on North Korean Malware TYPEFRAME

The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a Malware Analysis Report (MAR) on the malware TYPEFRAME, used by a North Korean APT group known as HIDDEN COBRA or Lazarus Group. The malware has the capability to download and install additional malware, install proxy and remote access trojans, connect to C2 servers for instructions, and modify the victim’s firewall to allow incoming connections. The information contained in the MAR is intended to enable network defenders and reduce exposure to North Korean government cyber activity. The NJCCIC recommends organizations that may be considered high-value targets for cyber-espionage activity review the MAR, scan networks for the IOCs provided, and apply the included recommendations. If activity associated with this or other malware variants deployed by HIDDEN COBRA is identified on your network, users are encouraged to report the activity to the US-CERT here and the NJCCIC here.