{"id":1998,"date":"2018-05-30T14:59:17","date_gmt":"2018-05-30T14:59:17","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132375"},"modified":"2018-05-30T14:59:17","modified_gmt":"2018-05-30T14:59:17","slug":"hidden-cobra-strikes-again-with-custom-rat-smb-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hidden-cobra-strikes-again-with-custom-rat-smb-malware\/","title":{"rendered":"Hidden Cobra Strikes Again with Custom RAT, SMB Malware"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2017\/06\/06224233\/Hidden-Cobra-Malware.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>The feds are warning that the North Korean APT group known as Hidden Cobra is mounting active attacks on U.S. businesses (and others globally), including organizations in the media, aerospace, financial and critical infrastructure sectors.<\/p>\n<p>According to a United States Computer Emergency Readiness Team (US-CERT) <a href=\"https:\/\/www.us-cert.gov\/ncas\/alerts\/TA18-149A\">bulletin<\/a> released Tuesday, the state-sponsored group is using two families of malware against U.S. assets: A remote access tool (RAT) dubbed Joanap; and a Server Message Block (SMB) worm known as Brambul.<\/p>\n<p>Neither family is new, having been first observed in 2009. However, both are bringing thoroughly modern tricks to the cyber-party. The actors are targeting sensitive and proprietary information, and the malware could disrupt regular operations and disable systems and files.<\/p>\n<p><strong>A Look at Joanap and Brambul<\/strong><\/p>\n<p>Joanap is a fully functional RAT that serves as the payload in various phishing or drive-by attacks. 
Hidden Cobra uses it to exfiltrate data and host system information, drop and run secondary payloads, and initialize proxy and peer-to-peer communications on compromised Windows devices, according to the alert. It uses Rivest Cipher 4 encryption to communicate with the C2.<\/p>\n<p>It also has capabilities to manage botnets for other types of operations, and can carry out file management, process management, the creation and deletion of directories, and node management.<\/p>\n<p>Brambul meanwhile is a Windows 32-bit brute-force authentication worm that spreads through SMB, which is the Windows file-sharing protocol that enables shared access to files between users on a network. Famously, SMB is the point of compromise targeted by leaked National Security Agency hacking tools like <a href=\"https:\/\/threatpost.com\/eternalblue-exploit-used-in-retefe-banking-trojan-campaign\/128103\/\">EternalBlue<\/a> and EternalRomance.<\/p>\n<p>In this case, Brambul specifically targets insecure or unsecured user accounts and spreads through poorly secured network shares. It shows up looking like a service dynamic link library file or a portable executable file; and once executed, it pivots to spread to other subnets and systems on the network.<\/p>\n<p>\u201cIf successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks,\u201d the alert explained.<\/p>\n<p>Once active on a system, Brambul sets about harvesting system information and sending it back to Hidden Cobra actors via malicious email messages. 
It can also accept command-line arguments, and it has a self-kill mechanism.<\/p>\n<p><strong>North Korea Behind the Scenes<\/strong><\/p>\n<p>Joint <a href=\"https:\/\/www.us-cert.gov\/hiddencobra\">Hidden Cobra<\/a> research from the Department of Homeland Security and the FBI noted that IP addresses and other <a href=\"https:\/\/www.us-cert.gov\/ncas\/analysis-reports\/AR18-149A\">indicators of compromise<\/a> (IOCs) associated with the attacks link back to both strains, which they say are custom malware deployed by the North Korean government.<\/p>\n<p>\u201cFBI has high confidence that Hidden Cobra actors are using the IP addresses\u2014listed in this report\u2019s IOC files\u2014to maintain a presence on victims\u2019 networks and enable network exploitation,\u201d the feds said in their alert. \u201cDHS and FBI are distributing these IP addresses and other IOCs to enable network defense and reduce exposure to any North Korean government malicious cyber-activity.\u201d<\/p>\n<p>Hidden Cobra (also known as the Lazarus Group) has been on the radar screen for some time; it was linked to the infamous <a href=\"https:\/\/threatpost.com\/fbi-officially-blames-north-korea-in-sony-hacks\/109999\/\">2014 Sony Pictures hack<\/a>, for instance, as well as the <a href=\"https:\/\/threatpost.com\/lazarus-apt-spinoff-linked-to-banking-hacks\/124746\/\">SWIFT banking attacks<\/a>. 
More recently, last June the group <a href=\"https:\/\/threatpost.com\/dhs-fbi-warn-of-north-korea-hidden-cobra-strikes-against-us-assets\/126263\/\">was seen leveraging<\/a> malware called DeltaCharlie, which is the brains behind North Korea\u2019s distributed denial-of-service (DDoS) botnet infrastructure.<\/p>\n<p>Also, in April, Thailand\u2019s Computer Emergency Response Team (ThaiCERT) <a href=\"https:\/\/threatpost.com\/thaicert-seizes-hidden-cobra-server-linked-to-ghostsecret-sony-attacks\/131498\/\">seized a server<\/a> operated by the APT, which is part of the network used to control the global GhostSecret espionage campaign, which researchers say is still ongoing. McAfee <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide\/\">warned<\/a> at the time that the GhostSecret campaign was carrying out data reconnaissance on a wide number of industries, including critical infrastructure, entertainment, finance, healthcare and telecommunications, in at least 17 countries.<\/p>\n<p>To avoid compromise, users and administrators should follow best practices, especially maintaining up-to-date patching and antivirus; enabling workstation firewalls; implementing email- and download-scanning to quarantine or block suspicious attachments and files; restricting user permissions for software installations; and disabling Microsoft\u2019s File and Printer Sharing service, if not needed.<\/p>\n<p>\u201cIf this service is required, use strong passwords or Active Directory authentication,\u201d US-CERT noted.<\/p>\n<p> READ MORE <a href=\"https:\/\/threatpost.com\/hidden-cobra-strikes-again-with-custom-rat-smb-malware\/132375\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The North Korean-sponsored actors are targeting sensitive and proprietary information, and the malware could disrupt regular operations and disable systems and files. 
READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1999,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[973,974,975,125,976,214,126,977,978,979,28,331,980,981],"class_list":["post-1998","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-alert","tag-attacks","tag-brambul","tag-critical-infrastructure","tag-dhs","tag-fbi","tag-government","tag-hidden-cobra","tag-joanap","tag-lazarus-group","tag-malware","tag-rat","tag-smb","tag-us-cert"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1998","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=1998"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1998\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/1999"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=1998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=1998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=1998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}