Dissecting Lazarus's operation target for cryptocurrency business
2020-02-05 • Kaspersky
https://github.com/theseongsu/presentation/blob/main/K-CTI2020_Lazarus.pdf
Attachments
K-CTI2020_Lazarus.pdf (4 MB)
Seongsu Park’s K-CTI 2020 Lazarus slides emphasize that threat intelligence is broader than IOC lists. The extracted slide text shows a loader and C2 chain involving update.exe, a .NET loader, injection into iexplorer.exe, a tainted loader, and encrypted configuration files. The presentation argues for TTP-oriented detection, including ATT&CK- and Sigma-based approaches, rather than relying only on domains, IPs, and hashes.