How to use a PowerPoint to steal a bank's financial assets


According to a new report from Kaspersky Lab, the BlueNoroff APT group, which is part of the North Korean Lazarus Group, has implemented methods to bypass Windows Mark of the Web (MoTW) protection. The bypass is achieved through the use of ISO images and VHD files, whose contents do not carry the MoTW marking of the container they were delivered in.

In the new campaign, the hackers created many fake domains imitating venture capital companies and banks, such as ABF Capital, Angel Bridge, ANOBAKA, Bank of America and Mitsubishi UFJ Financial Group. Most of the impersonated companies are located in Japan, which indicates a keen interest in the region.

The attack chain includes three methods of infecting the victim's device:

1. Phishing emails carry attachments in the form of ISO files. These files, in turn, contain a Microsoft PowerPoint slide show (.PPSX) and a VBS (Visual Basic Script) that is executed when the victim clicks on a link in the PowerPoint file.
2. A malicious Windows batch file is run through a LOLBin (living-off-the-land binary) to obtain a second-stage loader that extracts and executes the payload.
3. A decoy PDF is delivered together with a VHD file that contains a loader (posing as anti-virus software) to deliver the next-stage payload. The code in the VHD file first disables EDR solutions by removing user-mode hooks. The final implant delivered is currently unknown.
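The MoTW gap the campaign relies on can be checked from the defender's side. The following PowerShell audit is an added example, not part of the Kaspersky report or this article: it lists disk-image attachments in a folder and reads their Zone.Identifier alternate data stream (the NTFS stream where Windows stores MoTW). The Downloads default path and the extra `.img`/`.vhdx` extensions are assumptions for the demo.

```powershell
# Added example, not from the article: audit a folder for disk-image files and
# report whether they carry Mark of the Web. Windows stores MoTW in the
# Zone.Identifier NTFS alternate data stream; files read from a mounted ISO/VHD
# have no such stream, so the container is the last place the mark exists.
function Get-DiskImageMotw {
    param(
        # Folder to audit; the Downloads default is an assumption for this demo.
        [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
    )

    # Security zones as written by browsers and mail clients into "ZoneId=N".
    $zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }
    # Container formats named in the report, plus .img/.vhdx variants (assumption).
    $containerExt = @('.iso', '.img', '.vhd', '.vhdx')

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $containerExt -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $file = $_
            # Read the ADS; a missing stream means the file never received (or lost) MoTW.
            $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            $zone = 'none'
            $source = $null
            if ($ads) {
                $zoneLine = $ads | Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
                if ($zoneLine) {
                    $id = [int]($zoneLine -split '=', 2)[1]
                    $zone = if ($zoneNames.ContainsKey($id)) { $zoneNames[$id] } else { "Zone$id" }
                }
                # Newer browsers also record where the file was downloaded from.
                $srcLine = $ads | Where-Object { $_ -like 'HostUrl=*' -or $_ -like 'ReferrerUrl=*' } | Select-Object -First 1
                if ($srcLine) { $source = ($srcLine -split '=', 2)[1] }
            }
            # Even a correctly marked container sheds MoTW for everything mounted from it.
            $risk = if ($ads) { 'Contents unmarked once mounted' } else { 'Container itself unmarked' }
            [pscustomobject]@{
                File    = $file.FullName
                HasMoTW = [bool]$ads
                Zone    = $zone
                Source  = $source
                Risk    = $risk
            }
        }
}

# Example run: show Internet-zone disk images, the files SmartScreen would normally gate.
Get-DiskImageMotw | Where-Object { $_.Zone -eq 'Internet' } | Format-Table -AutoSize
```

Any `.iso` or `.vhd` that arrived by email or download and shows `HasMoTW = True` is exactly the case the article describes: Protected View and SmartScreen see the container, but not the .PPSX, VBS or loader inside it once mounted.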

The Japanese language in the filenames and the creation of fraudulent domains posing as venture capital firms in Japan suggest that financial firms in the country are a prime target for BlueNoroff's hackers, experts say.

According to the US Army, the BlueNoroff APT group consists of 1,700 hackers "whose mission is to carry out financial cybercrime." BlueNoroff's tactic is to assess and exploit vulnerabilities in the adversary's network over the long term.

Author: DeepWeb