Follow the Clues: Everyday is lazarus.day
2025-01-21 • lazarusholic
https://jsac.jpcert.or.jp/archive/2025/pdf/JSAC2025_1_6_jeonggak-lyu_en.pdf
The JSAC source presents Lazarus-focused CTI methods for following clues across malware, infrastructure, and external knowledge bases such as Malpedia and the Pyramid of Pain. The report is useful as analytic tradecraft for strengthening Lazarus attribution and detection by correlating indicators with higher-level behaviors rather than relying only on low-confidence IOCs. It supports defenders investigating DPRK-linked campaigns and mapping evidence across reports, tools, and observed intrusion artifacts.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | cryptocopedia.com | 2024-07-08 | 2025-05-16 |