js.quickcafe

QUICKCAFE

Actor(s): Lazarus Group


QUICKCAFE is an encrypted JavaScript downloader for QUICKRIDE.POWER that exploits the ActiveX M2Soft vulnerabilities. QUICKCAFE is obfuscated using JavaScript Obfuscator.

References
2017-12-19 · Proofpoint · Darien Huss
North Korea Bitten by Bitcoin Bug
QUICKCAFE, PowerSpritz, Ghost RAT, PowerRatankba

There is no Yara-Signature yet.