js.quickcafe

QUICKCAFE

Actor(s): Lazarus Group


QUICKCAFE is an encrypted JavaScript downloader for QUICKRIDE.POWER that exploits the ActiveX M2Soft vulnerabilities. QUICKCAFE is obfuscated using JavaScript Obfuscator.

References
2017-12-19, Proofpoint, Darien Huss: North Korea Bitten by Bitcoin Bug. https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf (English, accessed 2019-10-18)
Families covered: QUICKCAFE, PowerSpritz, Ghost RAT, PowerRatankba

There is no Yara-Signature yet.