A Lazarus Keylogger: PSLogger
2019-01-22 • Norfolk
The source analyzes PSLogger, a keylogging and screen-capture utility linked to attempted intrusions against financial organizations in Vietnam. Two versions were observed: a DLL injected through a modified PowerSploit framework, and a standalone executable submitted from Pakistan. The tool's collection capabilities (keystroke and screen capture) and its contextual links place it within the financially motivated activity commonly attributed to North Korean adversaries.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | d45931632ed9e11476325189ccb6b530 | 2019-01-22 | 2020-08-05 |
| HASH | 34404a3fb9804977c6ab86cb991fb130 | 2019-01-13 | 2020-08-05 |
| HASH | efd470cfa90b918e5d558e5c8c38213… | 2019-01-22 | 2020-03-09 |
| HASH | c6930e298bba86c01d0fe2c8262c46b… | 2019-01-13 | 2020-03-09 |
| HASH | 081d5bd155916f8a7236c1ea2148513… | 2019-01-22 | 2019-01-22 |
| HASH | b345e6fae155bfaf79c67b38cf488bb… | 2019-01-13 | 2019-01-22 |
| HASH | 791205487bae0ac814440573e992ba2… | 2019-01-13 | 2019-01-22 |
| HASH | ed7fcb9023d63cd9367a3a455ec9433… | 2018-07-23 | 2019-01-22 |
| HASH | 26466867557f84dd4784845280da1f27 | 2018-07-23 | 2019-01-22 |
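The table lists the hashes as a flat column, with the longer values cut off by the page ("…"). As an added example (not code from the original page or its author), the following Python script turns that table into a usable check: it hashes files with MD5, SHA-1 and SHA-256, matches the full 32-hex values exactly as MD5, and, on the assumption that a truncated value is the leading part of a longer digest, matches truncated values only as prefixes and reports those hits as weaker evidence that needs manual confirmation. The file paths are whatever the operator supplies on the command line.

```python
from __future__ import annotations

import hashlib
import re
from pathlib import Path

# Values copied from the IOC table above. Entries ending in "…" were truncated
# on the page; this script treats them as hex prefixes (an assumption), so a
# prefix hit is reported as weaker evidence than an exact MD5 match.
IOC_HASHES = [
    "d45931632ed9e11476325189ccb6b530",
    "34404a3fb9804977c6ab86cb991fb130",
    "efd470cfa90b918e5d558e5c8c38213…",
    "c6930e298bba86c01d0fe2c8262c46b…",
    "081d5bd155916f8a7236c1ea2148513…",
    "b345e6fae155bfaf79c67b38cf488bb…",
    "791205487bae0ac814440573e992ba2…",
    "ed7fcb9023d63cd9367a3a455ec9433…",
    "26466867557f84dd4784845280da1f27",
]

_HEX = re.compile(r"^[0-9a-f]+$")
# Full-length hex digest lengths and the algorithm they imply.
DIGEST_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_ioc(value: str) -> tuple[str, bool]:
    """Return (lowercase hex, truncated?) for one table value; reject non-hex."""
    truncated = value.endswith(("…", "..."))
    hexpart = value.rstrip("….").lower()
    if not _HEX.match(hexpart):
        raise ValueError(f"not a hex digest: {value!r}")
    return hexpart, truncated


def digests(data: bytes) -> dict[str, str]:
    """Compute every digest algorithm the table could plausibly contain."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_digests(file_digests: dict[str, str], iocs=IOC_HASHES) -> list[tuple[str, str, bool]]:
    """Compare computed digests against the IOC list.

    Returns (algorithm, ioc_value, exact) triples. A full-length IOC must equal
    the digest of the algorithm its length implies; a truncated IOC only needs
    to be a prefix of some digest, which is flagged with exact=False.
    """
    hits = []
    for raw in iocs:
        ioc, truncated = normalize_ioc(raw)
        for algo, digest in file_digests.items():
            if not truncated:
                if DIGEST_LENGTHS.get(len(ioc)) == algo and digest == ioc:
                    hits.append((algo, raw, True))
            elif digest.startswith(ioc):
                hits.append((algo, raw, False))
    return hits


def scan_paths(paths) -> dict[str, list[tuple[str, str, bool]]]:
    """Hash each regular file once and report any IOC hits keyed by path."""
    report = {}
    for path in map(Path, paths):
        if path.is_file():
            hits = match_digests(digests(path.read_bytes()))
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    import sys

    for path, hits in scan_paths(sys.argv[1:]).items():
        for algo, ioc, exact in hits:
            kind = "exact" if exact else "PREFIX (truncated IOC, verify manually)"
            print(f"{path}: {algo} {kind} match on {ioc}")
```

Run it as `python pslogger_ioc_check.py <files...>`. A prefix hit on a 31-character fragment is still strong (the chance of a random collision is negligible), but because the page does not say which algorithm the truncated values came from, the script checks the prefix against all three digests and labels the result so an analyst knows to confirm it against the full hash in the source report.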
Related Reports
Shares tag: Lazarus • Shares 6 IOCs • Same author: Norfolk • Published within a month
2019-02-20 • 60% Match • Attacks by the Lazarus cybercriminal group targeting organizations in Russia identified (Secure Soft) • Shares tag: Lazarus • Published within a month
2019-01-21 • 60% Match • New Evidence Might Link Lazarus Tool Found in Chile RedBanc Intrusion to Previous Attacks in Pakistan (quoscient) • Shares tag: Lazarus • Published within a week