The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, we’ll focus on an active cluster that we dubbed DeathNote because the malware responsible for downloading additional payloads is named Dn.dll or Dn64.dll. This threat is also known as Operation DreamJob or NukeSped. Over the past few years, we have closely monitored the DeathNote cluster, observing a shift in their targets as well as the development and refinement of their tools, techniques, and procedures. In this blog, we will provide an overview of the significant modifications that have taken place within this cluster, both in terms of its technical and strategic aspects.

The notorious threat actor Lazarus has persistently targeted cryptocurrency-related businesses for a long time. While monitoring the actor’s activities, we noticed that in one particular case they were using a significantly modified piece of malware. In mid-October 2019, we came across a suspicious document uploaded to VirusTotal. Upon further investigation, we discovered that the actor behind this weaponized document had been using similar malicious Word documents since October 2018. The malware author used decoy documents that were related to the cryptocurrency business, such as a questionnaire about buying a specific cryptocurrency, an introduction to a specific cryptocurrency, and an introduction to a bitcoin mining company.

Once the victim opens the document and enables the macro, the malicious Visual Basic Script extracts the embedded downloader malware and loads it with specific parameters. In this initial discovery, the actor used two types of second-stage payload. The first is a manipulated piece of software that contains a malicious backdoor, while the second is a typical backdoor with a multi-stage binary infection process.
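The infection chain described above (an Office macro dropping a downloader DLL such as Dn.dll or Dn64.dll and loading it with parameters) leaves a recognisable trace in process-creation telemetry: an Office host spawning a DLL-loading utility whose command line points at a file in a user-writable directory. The routine below is an added detection example, not code from the original post or from the actor's toolset. The event record format (`parent=...|image=...|cmd=...`), the sample events, and the `ExportNamePlaceholder`/`ArgPlaceholder` tokens are all constructed for illustration; the post does not reproduce the actual export name or parameters.

```python
import re
from dataclasses import dataclass, field

# Office hosts whose macros would launch the downloader stage.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Signed Windows binaries commonly used to load a DLL with arguments.
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}
# DLL paths under user-writable directories, where a macro is able to drop a file.
USER_WRITABLE = re.compile(r"(?i)\\(?:users\\[^\\]+\\|programdata\\|temp\\)")
# A (possibly quoted) path or name ending in .dll on a command line.
DLL_PATH = re.compile(r'(?i)"?([^"\s,]+\.dll)')


@dataclass
class Finding:
    severity: str          # "high" (DLL in user-writable path) or "medium"
    parent: str            # Office process that spawned the loader
    image: str             # the DLL-loading utility
    dlls: list = field(default_factory=list)


def parse_event(line):
    """Parse one constructed process-creation record:
    parent=<path>|image=<path>|cmd=<command line>"""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return fields["parent"], fields["image"], fields["cmd"]


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def inspect_event(line):
    """Return a Finding when an Office parent spawns a DLL loader, else None."""
    parent_path, image_path, cmd = parse_event(line)
    parent, image = basename(parent_path), basename(image_path)
    if parent not in OFFICE_PARENTS or image not in DLL_LOADERS:
        return None
    dlls = DLL_PATH.findall(cmd)
    if not dlls:
        return None
    # A DLL under Users\, ProgramData\ or Temp\ is the strongest signal,
    # because that is where a macro can write its extracted payload.
    severity = "high" if any(USER_WRITABLE.search(d) for d in dlls) else "medium"
    return Finding(severity, parent, image, dlls)


def scan(lines):
    """Run inspect_event over every record and keep the hits."""
    return [f for f in (inspect_event(l) for l in lines) if f is not None]


# Constructed sample telemetry (not real captured events).
SAMPLE_EVENTS = [
    # Macro-launched downloader: Word -> rundll32 loading a DLL from %TEMP%.
    r"parent=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    r"|image=C:\Windows\System32\rundll32.exe"
    r"|cmd=rundll32.exe C:\Users\victim\AppData\Local\Temp\Dn64.dll,ExportNamePlaceholder ArgPlaceholder",
    # Benign: Explorer opening a Control Panel applet.
    r"parent=C:\Windows\explorer.exe"
    r"|image=C:\Windows\System32\rundll32.exe"
    r"|cmd=rundll32.exe shell32.dll,Control_RunDLL",
    # Suspicious but lower confidence: Word -> rundll32 with a system DLL.
    r"parent=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    r"|image=C:\Windows\System32\rundll32.exe"
    r"|cmd=rundll32.exe C:\Windows\System32\printui.dll,PrintUIEntry",
    # Benign: Word spawning its print helper.
    r"parent=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    r"|image=C:\Windows\splwow64.exe"
    r"|cmd=splwow64.exe 12288",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.parent} -> {f.image} loading {', '.join(f.dlls)}")
```

Running the script reports the Word-to-rundll32 event that loads `Dn64.dll` from the user's temp directory as high severity and the system-DLL case as medium, while the Explorer and `splwow64.exe` events produce no finding. The parent/child relationship is the part worth alerting on; the DLL name itself is easily changed by the actor, which is why the rule keys on location and lineage rather than on `Dn.dll`/`Dn64.dll`.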