朝鲜APT组织Lazarus又又又对安全人员发起攻击 - 安恒威胁情报中心

2021-11-11 安恒信息 North Korean APT organization Lazarus launches another attack on security personnel - Anheng Threat Intelligence Center

https://starmap.dbappsecurity.com.cn/blog/articles/2021/11/11/lazarus-attack-researcher-again/

Thumbnail for 朝鲜APT组织Lazarus又又又对安全人员发起攻击 - 安恒威胁情报中心

DBAPPSecurity summarized ESET’s disclosure that Lazarus targeted security researchers by distributing a trojanized IDA Pro 7.5 installer. The installer included modified `idahelper.dll` and `win_fw.dll` components; `win_fw.dll` created a scheduled task that launched the malicious plugin component from the IDA Plugins directory. The payload attempted to download a next-stage implant from `devguardmap[.]org`, which the source describes as NukeSped RAT capable of file theft, screenshots, keystroke logging, and command execution. The report ties the activity to Lazarus using malware and infrastructure overlaps and adds context from earlier researcher-targeting activity involving the `mavillon1` persona and CVE-2021-33739.

Indicators of Compromise

Type Value First Seen Last Seen
HASH de0e23db04a7a780a640c656293336f… 2021-11-11 2021-11-11
HASH a8ef73cc67c794d5aa860538d668988… 2021-11-11 2021-11-11
URL https://www.devguardmap.org/boa… 2021-11-11 2021-11-11
DOMAIN devguardmap.org 2021-03-31 2021-11-11

Related Actors

Related Reports

2021-12-02 • 80% Match
#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1573.001 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004 #T0865
Shares tag: Lazarus • Published within a month
« Back