Cylance’s Threat Guidance Team has detected and examined an unattributed infostealer malware named Paipeu (Korean for ‘Pipes’) which steals information using named pipes and has a hard coded South Korean IP address.
It is extremely rare that Cylance’s research team encounters a piece of freshly compiled code, which cannot be assigned to any of the already known malware families. Cylance recently found such a sample after CylancePROTECT® quarantined a threat in the System32 directory on a customer endpoint. The location of the file, the recent compile date, and the lack of similar files on known malware repositories combined to flag this sample as something to look deeper into. Indeed, only by fully understanding the threats organizations are facing today, can security teams have confidence in the tools they are using to stop them.
Cylance analysed the malware’s tactics, techniques and procedures to spread the word on this covert threat. You can find more about the malicious code on their blog: https://www.cylance.com/en_us/blog/threat-spotlight-new-infostealer-paipeu.html