Lazarus Group, a team of cyber criminals reportedly based in North Korea, is believed to be targeting its southern neighbor with malicious documents. The files, recently reviewed by South Korean researchers and experts at AlienVault, pack Manuscrypt malware as the final payload. Manuscrypt is referred to as "Bankshot" by McAfee, which uses the term "Hidden Cobra" for the organization known as Lazarus Group. South Korea have suggested the the thefts from Bithumb started with malicious HWP files earlier in May and June. They also mentioned they are linked to previous attacks by Lazarus, and involved faked resumes. Manuscrypt is in Hangul Word Processor file's format, a Korean word processing application.
Manuscrypt RAT Sample 1 Signatures
Family: Other:Malware-gen [Trj]
MD5: b84edaf6c128901e26dd94c34d6cdf5b
SHA256: a1c6b6e82f7c661d2103c31550e92e281503fadd0adfd88804a99027db320ead
Manuscrypt RAT Sample 1 Download
Manuscrypt RAT Sample 2 Signatures
Family: Other:Malware-gen [Trj]
MD5: 06cfc6cda57fb5b67ee3eb0400dd5b97
SHA256: e498630abe9a91485ba42698a35c2a0d8e13fe5cccde65479bf3033c45e7d431
Manuscrypt RAT Sample 2 Download
