Perfect Smoke and Mirrors of Enemy: Following Lazarus group by tracking DeathNote Campaign
2023-04-16 • Kaspersky
The talk tracks Lazarus activity through the DeathNote cluster, starting with cryptocurrency exchange targeting that used malicious documents and trojanized trading applications. The speaker links the cluster to downloaders named dm.dll and dn64.dll, which collect victim information, contact C2 servers, and fetch follow-on payloads. By early 2020 the same activity shifted toward defense contractors, using job-themed decoys tied to aerospace and defense companies and techniques associated with Operation Dream Job.