DHS and FBI Release Report on North Korean Malware KEYMARBLE
The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a Malware Analysis Report (MAR) on the trojan malware KEYMARBLE, used by a North Korean Advanced Persistent Threat (APT) group known as HIDDEN COBRA or Lazarus Group. The trojan can perform the following functions: download and upload files, execute additional payloads and shell commands, terminate running processes, delete files, search for files, create registry entries, collect device information, and capture screenshots. The information contained in the MAR is intended to strengthen network defenses and reduce exposure to North Korean government cyber activity. The NJCCIC recommends that organizations that may be considered high-value targets for cyber-espionage activity review the MAR, scan networks for the Indicators of Compromise (IOCs) provided, and apply the included recommendations. If activity associated with this or other malware variants deployed by HIDDEN COBRA is identified on your network, users are encouraged to report the activity to US-CERT and the NJCCIC.