Dossier
RemotePELoader
Coverage of RemotePELoader in the Nexus archive.
- Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
The Lazarus Group, linked to North Korea, has deployed a memory-only malware called RemotePE in multi-stage attacks targeting financial and cryptocurrency organizations. The attack chain involves two loaders, DPAPILoader and RemotePELoader, as analyzed by NCC Group subsidiary Fox-IT.