The United States Cyber Command publicly released information about five malware samples, allegedly used by the government of the Democratic People’s Republic of Korea (DPRK) for phishing and remote access. The five samples represented three different malware variants, known as COPPERHEDGE, TAINTEDSCRIBE and PEBBLEDASH. Copies of the malware were uploaded to VirusTotal, to facilitate access for researchers and security product vendors.
At the time of submission on May 12th, several of the malware samples were not detected as malicious by most of the anti-virus products that VirusTotal uses to check submissions. Well-funded threat groups that carry out targeted attacks are able to create and maintain malware that is not recognized by anti-virus products. It is important to practice defense-in-depth to protect critical computer systems from intrusion, by monitoring for attacker behaviors and responding quickly to investigate unusual activity on workstations and servers.
Indicators of compromise:
SHA-256 hashes of malware samples:
To read more, please see: