Job-Hunting Trap: Analysis of a Lazarus Attack Campaign Using Recruitment Information from Japan's Mizuho Bank and Others as Bait

2022-11-29 Qianxin Job-hunting trap: Lazarus attack campaign using Japanese Mizuho Bank recruitment information as bait

https://mp.weixin.qq.com/s/nnLqUBPX8xZ3hCr5u-iSjQ

QiAnXin RedDrip reports a Lazarus campaign using a VHD disk image themed around Japanese Mizuho Bank recruitment information. The lure presents a Job Description PDF while a loader executes from the disk image, copies and decrypts a DLL payload, loads it with LoadLibraryW, and proceeds with RC4-based configuration handling, reflecting a job-themed intrusion chain against Windows users.
