Leery Turtle (CS named it) is a threat group which is active since at least late 2017. They are targeting Cryptocurrency Exchange companies globally. They continuously carry out spear-phishing campaigns to infect their targets with custom written malware. The forensic analysis concludes that this group is systematically operated, persistent, and funded.

This is the analysis report of a sample which is tied to a campaign conducted against the South Korean Unification Ministry – 1 January 2019. We have identified that the aforementioned malware possesses information collection capabilities. We also suspect that the malware possesses remote command execution capabilities.

This is the analysis report of a malicious Word document used in a Phishing campaign targeting financial organizations and cryptocurrency exchanges. This dropper file is exploiting a vulnerability in Adobe Flash in order to download & execute the second stage malware.