
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

HackerLegend.com Threat Intelligence

Tags: Malware, RemotePE, Lazarus Group, financial and cryptocurrency organizations, multi-stage attack chain

Threat Overview

The Lazarus Group, linked to North Korea, has deployed RemotePE, described as a cross-platform remote access tool, in attacks on financial and cryptocurrency organizations. RemotePE is the final stage of a multi-stage chain staged by two loaders, DPAPILoader and RemotePELoader, which decrypt the next component and execute it in memory rather than writing it to disk; the final payload therefore leaves little on-disk evidence for file-based scanning to find.

Key Intelligence Points

1. RemotePE is a memory-only remote access tool used by the Lazarus Group against financial and cryptocurrency targets.
2. DPAPILoader and RemotePELoader are the intermediate stages of the chain; the first-stage execution relies on a user running a malicious file.
3. Each loader decrypts the next component and executes it in memory, so the payload is not written to disk as a standalone file.
4. Detection opportunities are behavioural: registry modifications and outbound network connections made by the process that hosts the chain, rather than file hashes.

MITRE ATT&CK Techniques

T1204.002 User Execution: Malicious File
T1140 Deobfuscate/Decode Files or Information (the loaders decrypt the next stage before executing it)
T1112 Modify Registry (the registry changes the report names as a detection opportunity)

Indicators of Compromise (IOCs) / Affected Systems

Malware components named in the report (no file hashes, domains or IP addresses are given on this page, so these names are the only atomic indicators available here):

DPAPILoader
RemotePELoader
RemotePE

Mitigation & Detection

Build a correlation rule that ties the stages of the chain together (a user-executed file, a loader that decrypts and runs the next stage in memory, registry modifications, outbound connections) instead of alerting on any one of those signals alone, since each is common in isolation. Because the final stage is memory-only, the telemetry has to come from process-level sources (Sysmon, EDR process, registry and network events) rather than from on-disk scanning. The report gives no specific registry keys, hashes or network indicators, so thresholds and path heuristics must be tuned against your own baseline.