Anatomy of COBRA - The Lazarus Group's Recent Activities and TTPs
2021-11-26 • JPCERT
https://github.com/JPCERTCC/Lazarus-research/blob/main/slides/HITCON2021_Anatomy-of-COBRA.pdf
JPCERT/CC's Anatomy of COBRA presentation reviews Lazarus Group campaigns and recent TTPs, emphasizing that Lazarus activity spans many countries and targets. The slides discuss how Lazarus-related categorizations overlap across names such as Bluenoroff, Andariel, TEMP.Hermit, APT38, Appleworm, and Stonefly, because campaigns can share infrastructure, malware, and techniques. The presentation focuses on Operation Dream Job, Operation JTrack, defense-industry targeting, ThreatNeedle, Bookcode, DTrack, and related activity to help analysts counter undocumented Lazarus tradecraft.