BlueNoroff is a financially motivated cybercrime group that has been active since at least 2016. The group is known for using a variety of malware strains to carry out attacks, including ransomware, banking Trojans, and remote access Trojans (RATs).
BlueNoroff is believed to operate primarily out of North Korea and has targeted a range of organizations and individuals in various countries, including the United States, Europe, and Asia. The group has been known to target financial institutions, casinos, and other organizations in the gambling industry, as well as individuals through phishing campaigns.
One of the group's best-known malware strains is "Typeframe," a RAT delivered through phishing emails that gives the attackers remote access to the victim's system. Once inside, they can steal login credentials, install additional malware, and perform other malicious actions.
Alongside Typeframe, BlueNoroff has used ransomware strains such as "Hermes" and "AppleJeus" to encrypt victims' files and demand a ransom for decrypting them. The group has also been linked to the development and use of banking Trojans, such as "Lazarus," which are designed to steal sensitive financial information from infected systems.
To protect against BlueNoroff and other cyber threats, it is important to take the following precautions:
Be cautious when opening emails or links from unknown sources
Do not download files or programs from untrusted websites
Keep your operating system and software up to date with the latest security patches
Use a reputable antivirus program and keep it up to date
Regularly back up your important files to an external drive or cloud storage
If you believe your system has been infected with any BlueNoroff malware strain or any other malware, act immediately to remove the infection and limit further damage. This may mean running a full system scan with your antivirus program and deleting any malicious files or processes it detects. In some cases, fully removing the infection requires reinstalling the operating system or restoring from a clean backup.
Implemented IOCs
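To put a hash-per-line MD5 feed such as the Implemented IOCs above to use, the following added example (not code from the original page; the file names, sample bytes and the truncated "deadbeef" entry are constructed) normalises the feed, sets aside entries that are not 32 hex characters so a truncated hash cannot silently never match, and sweeps a directory tree for files whose MD5 is in the set.

```python
import hashlib
import os
import re
import tempfile

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
def load_md5_iocs(lines):
    """Lowercase, skip blanks, dedupe; set aside entries that are not 32 hex chars."""
    good, rejected = set(), []
    for raw in lines:
        entry = raw.strip().lower()
        if not entry:
            continue
        if MD5_RE.match(entry):
            good.add(entry)
        else:
            rejected.append(entry)  # a truncated or corrupted hash would never match
    return good, rejected
def md5_of_file(path, chunk=1 << 20):
    """Stream the file so large binaries need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()
def scan_tree(root, iocs):
    """Return (path, md5) for files under root whose MD5 is in iocs; skip unreadable ones."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(path)
            except OSError:
                continue
            if digest in iocs:
                hits.append((path, digest))
    return hits
def demo():
    """Constructed data: a feed with an uppercase duplicate and a truncated entry,
    plus a temp directory holding one matching file and one benign file."""
    sample = b"constructed sample payload, not real malware"
    sample_md5 = hashlib.md5(sample).hexdigest()
    iocs, rejected = load_md5_iocs([sample_md5.upper(), sample_md5, "deadbeef", ""])
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("sample.bin", sample), ("benign.txt", b"benign content")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        hits = scan_tree(root, iocs)
    return {"iocs": len(iocs), "rejected": rejected, "hits": [h for _, h in hits]}
```

Point scan_tree at a real mount and the rejected list at your feed maintainer; a hash that fails validation is a data-quality finding, not a clean result.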