Yet Another Distraction? A New Version of North Korean Ransomware Hermes Has Emerged

2018-02-08 Intezer

http://www.intezer.com/another-distraction-new-version-north-korean-ransomware-hermes/

Intezer analyzes a Hermes 2.1 ransomware sample. Earlier reporting had linked the use of Hermes to a distraction during a Taiwan bank heist and described the ransomware as thought to have originated from Lazarus. Code-reuse analysis found that the newer Hermes sample was mostly changed but still retained key fragments and function-level matches with earlier Hermes binaries. The report also notes similarities to techniques known to be used by Lazarus, while cautioning that there was not enough information to determine the specific intent behind the new sample. The reappearance matters because the same ransomware code could be reused to distract from other operations such as intellectual-property theft, bank fraud, or additional intrusions.

Indicators of Compromise

Type  Value                             First Seen  Last Seen
HASH  851032eb03bc8ee05c381f7614a0cbf…  2018-02-08  2020-03-09
HASH  bcb96251c3e747c0deabadfecc4e0ca…  2018-02-08  2018-02-08
