Paleontology: The Unknown Origins of Lazarus malware

2018-10-31 Intezer

https://www.intezer.com/paleontology-the-unknown-origins-of-lazarus-malware/

Intezer traces part of the Lazarus malware lineage to CasperPhpTrojan, an open-source RAT published on a Chinese project site, after VirusTotal samples from 2016 matched Lazarus-related code signatures. The analysis found overlap with RedGambler code genes, an internal module name DllTroy.dll, and reused strings associated with Operation Troy and Prioxer. By compiling the CasperPhpTrojan source and comparing it against Lazarus binaries, Intezer identified shared implementation patterns such as HTTP header construction and GetProcAddress/LoadLibrary usage. The report lists hashes and infrastructure, including URLs on ready-jetkorea[.]com and plsong[.]com, that can support further pivoting. The finding matters because it reframes some Lazarus code reuse as possible adaptation of public RAT source code rather than exclusively original DPRK-developed tooling.

Indicators of Compromise

