Operation Blockbuster

2016-02-24 Novetta

https://www.operationblockbuster.com/

Attachments

Operation-Blockbuster-RAT-and-Staging-Report.pdf (2 MB)

Operation-Blockbuster-Destructive-Malware-Report.pdf (2 MB)

Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf (2 MB)

Operation-Blockbuster-Ex-Summary.pdf (531 KB)

Operation-Blockbuster-Report.pdf (9 MB)

Novetta's Operation Blockbuster documents the Lazarus Group remote administration and content staging malware families uncovered during a broader industry investigation. The report explains the Romeo RAT families, Sierra spreaders, Joanap peer-to-peer staging components, Hotel webserver tooling, and Whiskey destructive malware used across the Lazarus toolset. It describes both client-mode and server-mode RAT behavior, file upload and download capability, command execution, and a naming scheme used to classify Lazarus malware by function.
