Malware Analysis Report AR18-221A: HIDDEN COBRA Trojan – KEYMARBLE

The United States DHS and FBI have published a Malware Analysis Report (AR18-221A) on a Trojan they name as KEYMARBLE. They believe the Trojan to be associated with malicious cyber activity carried out by the North Korean government that they refer to as HIDDEN COBRA.



KEYMARBLE is a Windows executable and its capabilities include obtaining system configuration information, command execution, making changes to the registry, taking screenshots, downloading additional files and exfiltrating data.