Lazarus APT conceals malicious code within BMP image to drop its RAT
2021-04-19 • Malwarebytes
This blog was authored by Hossein Jazi. Lazarus APT is one of the most sophisticated North Korean threat actors and has been active since at least 2009, targeting several countries including South Korea and the U.S. In one of its most recent campaigns Lazarus used a complex, targeted phishing attack against security researchers. In the campaign described here, Lazarus resorted to an interesting technique: BMP image files with malicious HTA objects embedded in them are used to drop its loader.
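The technique summarized above, an image file that carries an HTA object, can be hunted for with a structural check rather than a signature: a BMP header declares the pixel-array offset, dimensions and bit depth, so the size of the legitimate pixel array is computable, any bytes past it are an overlay, and the pixel area itself can be scanned for HTA markers, including inside any zlib stream it contains. The following Python is an added example written for this page; it is not code from the Malwarebytes report or from the malware, and the marker list, the zlib-compressed staging of the sample payload, and the sample images are constructed assumptions.

```python
"""Flag BMP images that carry HTA content (added example, not from the report)."""
import struct
import zlib
from dataclasses import dataclass, field

# Strings typical of an HTA dropper. Hypothetical minimal list; extend for your environment.
HTA_MARKERS = (b"<hta:application", b"<script", b"window.resizeto",
               b"wscript.shell", b"createobject(")


@dataclass
class BmpScan:
    width: int
    height: int
    bpp: int
    pixel_offset: int
    expected_pixel_bytes: int
    overlay_bytes: int                       # bytes after the declared pixel array
    markers: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.overlay_bytes > 0 or bool(self.markers)


def parse_bmp(data: bytes) -> tuple:
    """Return (width, height, bpp, pixel_offset, expected_pixel_bytes) from the headers."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    pixel_offset = struct.unpack_from("<I", data, 10)[0]
    width, height, _planes, bpp = struct.unpack_from("<iiHH", data, 18)
    row_bytes = ((abs(width) * bpp + 31) // 32) * 4   # rows are padded to 4 bytes
    return width, height, bpp, pixel_offset, row_bytes * abs(height)


def find_markers(blob: bytes) -> list:
    low = blob.lower()
    return [m.decode() for m in HTA_MARKERS if m in low]


def inflate_streams(blob: bytes, limit: int = 64) -> list:
    """Try to inflate every zlib-looking stream (0x78 0x01/0x9C/0xDA) in blob."""
    out = []
    for i in range(len(blob) - 1):
        if blob[i] == 0x78 and blob[i + 1] in (0x01, 0x9C, 0xDA):
            try:
                out.append(zlib.decompressobj().decompress(blob[i:]))  # trailing bytes tolerated
            except zlib.error:
                continue
            if len(out) >= limit:
                break
    return out


def scan_bmp(data: bytes) -> BmpScan:
    width, height, bpp, off, expected = parse_bmp(data)
    overlay = max(0, len(data) - (off + expected))
    body = data[off:]                         # pixel array plus any overlay
    markers = set(find_markers(body))
    for stream in inflate_streams(body):
        markers.update(find_markers(stream))
    return BmpScan(width, height, bpp, off, expected, overlay, sorted(markers))


def build_bmp(width: int, height: int, pixels: bytes, overlay: bytes = b"") -> bytes:
    """Constructed 24-bpp BMP; optional overlay is appended after the pixel array."""
    row_bytes = ((width * 24 + 31) // 32) * 4
    body = pixels.ljust(row_bytes * height, b"\x00")[: row_bytes * height]
    size = 54 + len(body) + len(overlay)
    header = b"BM" + struct.pack("<IHHI", size, 0, 0, 54)
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(body), 2835, 2835, 0, 0)
    return header + dib + body + overlay


# Constructed samples: one clean image and two carriers for a toy HTA object.
HTA = b'<hta:application id="x"><script language="VBScript">CreateObject("WScript.Shell")</script>'
BENIGN = build_bmp(2, 2, bytes(range(16)))
TROJAN_OVERLAY = build_bmp(2, 2, bytes(16), overlay=zlib.compress(HTA))   # assumed zlib staging
TROJAN_PIXELS = build_bmp(8, 8, HTA.ljust(192, b"\x00"))                   # HTA inside the pixel array

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("overlay", TROJAN_OVERLAY), ("pixels", TROJAN_PIXELS)):
        r = scan_bmp(sample)
        print(f"{name:8s} suspicious={r.suspicious} overlay={r.overlay_bytes} markers={r.markers}")
```

The overlay check catches payloads appended after the image regardless of encoding, and the inflate pass catches a compressed HTA inside the pixel area; a payload XOR-encoded into pixel bytes would defeat the marker scan, so pair this with the file-size and macro-origin context of the document that carried the image.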
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | jinjinpig.co.kr | 2021-04-19 | 2021-12-22 |
| HASH | ed5fbefd61a72ec9f8a5ebd7fa7bcd6… | 2021-04-19 | 2021-12-22 |
| URL | http://www.jinjinpig.co.kr/Anyb… | 2021-04-19 | 2021-12-22 |
| URL | http://mail.namusoft.kr/jsp/use… | 2021-04-19 | 2021-12-22 |
| DOMAIN | mail.namusoft.kr | 2021-04-19 | 2021-12-22 |
| HASH | f1eed93e555a0a33c7fef74084a6f8d… | 2021-04-19 | 2021-04-19 |