RemotePE: The Lazarus RAT that lives in memory

Authors: Yun Zheng Hu and Mick Koomen

Summary: Last year, we published research [1] about a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations, encountered during multip…

Fox-IT International blog
⚠️ Lazarus keeps RemotePE off the filesystem #RemotePE runs entirely in memory after DPAPILoader and RemotePELoader, leaving no disk artifact while targeting finance and #crypto firms. 🔗 read more: thehackernews.com/2026/05/laza... #ransomNews #cybersecurity

📰 Lazarus Group Unleashes 'RemotePE' Memory-Only RAT in Attacks on Financial and Crypto Firms

🇰🇵 Lazarus Group deploys new 'RemotePE' memory-only RAT against financial & crypto firms. The fileless malware evades detection by never touching the disk, using a multi-stage infection chain. #LazarusGroup #Malware #ThreatIntel #RemotePE

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/lazarus-group-deploys-memory-only-rat-remotepe-in-financial-attacks/?utm…

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

Lazarus Group used PondRAT, ThemeForestRAT, and RemotePE in a 2024 DeFi attack, likely via Chrome zero-day.

The Hacker News