It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Name of malware: (ex. Flame, stuxnet, warriorpride)
Type: (Virus, Trojan, worm, composite, etc)
Attack Vector: (download, USB drive, worm, etc)
Mechanism of action:
Duration of action:
Associated footprint: (checksum, files, etc)
The first weapon made entirely of code.
043e0d0d8b8cda56851f5b853f244f677bd1fd50f869075ef7ba1110771f70c2 5d26835be2cf4f08f2beeff301c06d05035d0a9ec3afacc71dff22813595c0b9 76a3666ce9119295104bb69ee7af3f2845d23f40ba48ace7987f79b06312bbdf be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844 f7c7b5e4b051ea5bd0017803f40af13bed224c4b0fd60b890b6784df5bd63494 fc626fe1e0f4d77b34851a8c60cdd11172472da3b9325bfe288ac8342f6c710a 09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d0c238ee36421cafa aee20f9188a5c3954623583c6b0e6623ec90d5cd3fdec4e1001646e27664002c c365ddaa345cfcaff3d629505572a484cff5221933d68e4a52130b8bb7badaf9 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
File name: @WanaDecryptor@.exe
The alert -- issued jointly by the FBI and the US Computer Emergency Readiness Team (US-CERT), which is part of the Department of Homeland Security (DHS) -- identifies IP addresses that North Korean actors are suspected of using to maintain a presence on victims' networks. The agencies warned of "severe impacts" from successful intrusions, including the loss of proprietary information and operational disruptions.
FALLCHILL, the alert said, is issued from a command and control (C2) server to a victim's system using multiple proxies to obfuscate network traffic. It uses fake Transport Layer Security (TLS) communications, encoding the data with RC4 encryption.
The malware typically infects a system as a file dropped by other North Korean malware or as a file unknowingly downloaded from a compromised site. It collects basic information such as OS version information and system name, and it allows for remote operations including searching, reading, writing, moving and executing files.