VERY IMPORTANT

This Malware Analysis Report (MAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant is known as SHARPKNOT. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. This MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. This malware report contains analysis of a malicious 32-bit Windows executable file. When executed from the command line, the malware overwrites the Master Boot Record (MBR) and deletes files on the local system, any mapped network shares, and physically connected storage devices.