Lazarus downloader brief analysis
2019-02-12 • emptyregisters •
https://medium.com/emptyregisters/lazarus-downloader-brief-analy-17875f342d96
The Lazarus downloader analysis builds on previously identified January 2019 samples and derives a YARA detection for a related payload. Sandbox behavior showed the malware beaconing to a control server with an HTTP request for an info.asp path, providing network evidence for detection. The source is primarily a technical malware note, with useful C2 and rule-development details rather than broad campaign context.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| YARA | LazarusDocJan2019_01 | 2019-02-12 | 2019-02-12 |
| HASH | 625f63364312cec78a4c91abedba868… | 2019-02-12 | 2019-02-12 |
| DOMAIN | poem.ekosa.org | 2019-02-12 | 2019-02-12 |
Related Reports
2019-02-20 • 80% Match
Attacks by the Lazarus cybercriminal group targeting organizations in Russia were identified
Secure Soft
Shares tag: Lazarus • Published within a month
2019-01-21 • 80% Match
New Evidence Might Link Lazarus Tool Found in Chile RedBanc Intrusion to Previous Attacks in Pakistan
quoscient
Shares tag: Lazarus • Published within a month