Lazarus Deploys RemotePE: Memory-Only RAT Targeting Financial and Crypto Firms
North Korea's Lazarus Group deploys RemotePE, a memory-only RAT using DPAPI environmental keying and ETW patching, targeting financial and crypto organisations. Full IOCs, YARA, and MITRE mapping.
Rudra Verma, Senior Security Architect & Researcher