Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

2022-09-30 ESET

https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/

Thumbnail for Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

ESET attributes 2021 attacks in the Netherlands and Belgium to Lazarus with high confidence, citing malware modules, a code-signing certificate, and overlap with Operation In(ter)ception and Operation DreamJob tradecraft. The campaign used Amazon-themed fake job lures against an aerospace employee contacted through LinkedIn and a political journalist reached by email. After the lure documents were opened, Lazarus deployed droppers, loaders, HTTP(S) backdoors, uploaders and downloaders, including BLINDINGCAN-related tooling. The most notable component abused Dell’s signed DBUtil driver via CVE-2021-21551 to gain kernel memory access and disable multiple Windows monitoring mechanisms, helping the operators blind security products during data-exfiltration operations.

Indicators of Compromise

Type Value First Seen Last Seen
IPv4 67.225.140.4 2022-09-30 2023-09-29
IPv4 50.192.28.29 2022-09-30 2023-09-29
DOMAIN turnscor.com 2020-12-15 2023-09-29
HASH 569234edfb631b4f99656529ec21067… 2022-09-30 2022-09-30
HASH 55cab89cb8dabcaa944d0bca5cbbbeb… 2022-09-30 2022-09-30
HASH 4aa48160b0db2f10c7920349e3dcce0… 2022-09-30 2022-09-30
HASH c948ae14761095e4d76b55d9de86412… 2022-09-30 2022-09-30
HASH 085f3a694a1eecde76a69335cd1ea7f… 2022-09-30 2022-09-30
HASH 83cf7d8ef1a241001c599b9bcc8940e… 2022-09-30 2022-09-30
HASH 5f4fbd57319bd0d2df31131e864fdda… 2022-09-30 2022-09-30
HASH 735b7e9dfa7af03b751075fd6d3de45… 2022-09-30 2022-09-30
HASH c71c19dbb5f40dbb9a721dc05d4f986… 2022-09-30 2022-09-30
HASH 001386cbbc258c3fcc64145c74212a0… 2022-09-30 2022-09-30
HASH be93e050d9c0eaeb1f0e6ae13c1595b5 2022-09-30 2022-09-30
HASH 806668ecc4bfb271e645acb42f22f75… 2022-09-30 2022-09-30
HASH fd6d0080d27929c803a91f268b719f7… 2022-09-30 2022-09-30
HASH 97daab7b422210ab256824d9759c0db… 2022-09-30 2022-09-30
HASH bd5dcb90c5b5fa7f5350ea2b9ace56e… 2022-09-30 2022-09-30
HASH 296d882cb926070f6e43c99b9e16834… 2022-09-30 2022-09-30
URL http://www.stracarrara.org/imag… 2022-09-30 2022-09-30
URL https://aquaprographix.com/patt… 2022-09-30 2022-09-30
URL https://turnscor.com/wp-include… 2022-09-30 2022-09-30
URL https://thetalkingcanvas.com/th… 2022-09-30 2022-09-30
DOMAIN aquaprographix.com 2022-09-30 2022-09-30
DOMAIN thetalkingcanvas.com 2022-09-30 2022-09-30
IPv4 31.11.32.79 2022-09-30 2022-09-30
URL https://www.gonnelli.it/uploads… 2020-12-15 2022-09-30

Related Reports

2021-12-02 • 34% Match
#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1573.001 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004 #T0865
Shares tags: T1059.003, T1140, T1584.004
2025-08-13 • 32% Match
#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1218.010 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1573 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004
Shares tags: T1059.003, T1140, T1584.004
« Back