By SecureWorld News Team
Fri | Jun 15, 2018 | 7:56 AM PDT

Just days after the historic Trump-Kim summit, the Department of Homeland Security and the FBI issued a new Malware Analysis Report and told the InfoSec community to watch out for North Korea's latest malware variant, nicknamed TYPEFRAME.

"This malware report contains analysis of 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections."

Details on this RAT variant come just a couple of weeks after warnings about the Joanap RAT and Brambul worm, also from North Korea.


Example of what TYPEFRAME malware can do

Here is just one example of the North Korean malware and what it attempts to do, according to US-CERT.

--Begin functions perform by the malware--
Get Disk Free Space
Search for files
Execute process in elevated mode
Terminate processes
Delete files
Execute command-using shell
Download and upload files
Read files and write files
Delete Service and uninstall malware components using a batch script
--End functions perform by the malware--

The US-CERT update gives 11 examples of TYPEFRAME code and remediation tips in the Malware Analysis Report: North Korean Trojan TYPEFRAME.
