Hidden Cobra est détecté par KL (Kaspersky Lab) :

• Worm.Win32.Agent.age depuis le 23.09.2011
• Worm.Win32.Agent.pve depuis le 08.06.2013
• Worm.Win32.Agent.agq depuis le 19.10.2011

Hidden Cobra est aussi connu sous le nom Lazarus / BlueNoroff :

• https://securelist.com/lazarus-under-the-hood/77908/
• https://www.kaspersky.com/blog/lazarus-modus-operandi-and-countermeasures/6716/
• https://www.kaspersky.com/cyber-crime-lazarus-swift

US-CERT > Alert (TA18-149A)

• HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
• This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government:
  • a remote access tool (RAT), commonly known as Joanap; and
  • a Server Message Block (SMB) worm, commonly known as Brambul.
  • …/…
• https://www.us-cert.gov/ncas/alerts/TA18-149A

Views: 1