puNK-003


puNK-003 is a North Korean APT group known for deploying the Lilith RAT, a sophisticated C++ remote access trojan, and its AutoIt variant, CURKON, which functions as a downloader. The group primarily distributes malware through targeted phishing attacks using malicious LNK files. Analysis indicates that puNK-003 shares similarities with the KONNI group, particularly in the use of AutoIt scripts and specific coding functions. Key indicators of infection include unusual network activity and system slowdowns, with removal methods involving specialized antivirus software and manual techniques.


Associated Families

There are currently no families associated with this actor.


References
2025-04-06, Gridinsoft, Gridinsoft Cyber Security
How to Remove Lilith RAT: Complete Removal Guide
Lilith puNK-003

2024-08-22, S2W Inc., S2W
Analysis of the North Korea-backed puNK-003’s Lilith RAT ported to AutoIt Script
Lilith puNK-003

Credits: MISP Project