- CREATED 51 MINUTES AGO by AlienVault
- Public
- TLP: White
A malicious code sample has been detected that checks whether the host has the C program installed. Before performing any malicious action it checks for the existence of C-program-related files; if they do not exist, no further action is taken. Otherwise, its final action is to download and execute additional malicious code from domestic distribution sites.
REFERENCE: https://medium.com/s2wlab/analysis-of-lazarus-malware-abusing-non-activex-module-in-south-korea-7d52b9539c12
TAGS: lazarus, non-activeX, c program, notepad++ plugin
MALWARE FAMILY: Lazarus
ATT&CK IDS: T1195.001 – Compromise Software Dependencies and Development Tools, T1073 – DLL Side-Loading, TA0011 – Command and Control, T1132.002 – Non-Standard Encoding