Operation Blackbird and Malicious Documents Targeting South Korea

released on 2018-12-13 @ 09:31:49 AM
The interesting part of HWP malware is that the payloads it drops are related to well-known malware families and threat groups such as ScarCruft (Group123, Reaper), BlueNoroff, Kimsuky and so on. These malicious payloads have also been observed in several incidents targeting cryptocurrency exchanges located in many other countries as well as in South Korea. This talk will cover a wide range of HWP malware. We attempt to organize and re-categorize these malware families from our own perspective, using vulnerabilities, decoding algorithms, methods of distribution, unique TTPs, etc.