A Deep-Dive Analysis of the NukeSped RATs

From fortinet.com

Figure 1: RAT samples

Advanced Persistent Threat (APT) groups pose a great threat to global security, especially those associated with nation states. Of all APT groups, those from North Korea have stood out both for the great damage they have done and for their persistence. The U.S. Government, in particular, refers to the malicious threat actor connected to the North Korean government as HIDDEN COBRA.

FortiGuard Labs has been actively monitoring various APT groups such as HIDDEN COBRA. For example, in a previous post we gave an overview of the FALLCHILL Remote Administration Tools (RATs). Recently, we noticed some interesting new samples from this group, so we decided to take a closer look.
