Lazarus APT group conducts attacks through Operation Extreme Job
2019-01-31 • ESTSecurity
ESTsecurity ESRC reports a Lazarus campaign it names Operation Extreme Job, using a malicious DOC lure with macro code techniques reused from earlier intrusions. The document name and code style overlap with prior ESRC reporting on Operation Arabian Night, suggesting tool and tradecraft reuse by the same threat set. The campaign shows continued use of Korean-language document lures and Office macro delivery in Lazarus-linked APT activity.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | syadplus.com | 2019-01-31 | 2022-03-31 |
| DOMAIN | ilovesvc.com | 2019-01-30 | 2022-03-31 |
| HASH | fbd1cd15019c0dd6659a59bc93b8596f | 2019-01-31 | 2019-01-31 |
| HASH | 78a5c82eb99266ed981f435d8c919a79 | 2019-01-31 | 2019-01-31 |
| DOMAIN | secuvision.co.kr | 2019-01-31 | 2019-01-31 |