Edr-Evasion

threat-actor 2026-05-26
Lazarus RemotePE: Memory-Only RAT Behind $577M Crypto Theft Surfaces in Fox-IT Disclosure
Fox-IT and The Hacker News detail RemotePE, a fileless C++ RAT used by North Korea's Lazarus Group against fintech and crypto firms via a DPAPI-bound loader chain. Tied to $577M in 2026 crypto theft.
lazarus dprk rat memory-only-malware edr-evasion cryptocurrency dpapi apt
ransomware 2026-04-18
Payouts King Runs Hidden QEMU VMs to Bypass EDR — STAC4713 and CitrixBleed 2 Campaigns
Sophos tracks two Payouts King campaigns running Alpine Linux inside QEMU on Windows hosts to tunnel reverse SSH and evade endpoint security. STAC3725 chains in CitrixBleed 2 (CVE-2025-5777) against NetScaler.
ransomware payouts-king qemu gold-encounter citrixbleed stac4713 stac3725 netscaler edr-evasion black-basta

Lazarus RemotePE: Memory-Only RAT Behind $577M Crypto Theft Surfaces in Fox-IT Disclosure