Lazarus Deploys RemotePE: Memory-Only RAT Targeting Financial and Crypto Firms

North Korea's Lazarus Group deploys RemotePE, a memory-only RAT using DPAPI environmental keying and ETW patching, targeting financial and crypto organisations. Full IOCs, YARA, and MITRE mapping.

2026-06-01T10:00:48.588Z
Rudra Verma, Senior Security Architect & Researcher