
Lazarus Group

Rank: 1

Summary of Actor: Lazarus Group is a state-sponsored threat actor attributed to North Korea (DPRK). The name is used as an umbrella for several subgroups; APT38 is the designation most often applied to its financially motivated operations against banks and cryptocurrency businesses, while other subgroups conduct espionage and destructive attacks.

General Features: Lazarus Group is well resourced and technically capable, conducting both cyber espionage and financial theft. Backed by a nation state, it relies on custom malware, spear-phishing (frequently built around fake job offers and recruiter contacts), trojanized software and supply-chain compromises, and exploitation of software vulnerabilities, including zero-days, to gain access to targets.

Related Other Groups: APT37 (also tracked as Reaper), Kimsuky, BlueNoroff

Indicators of Attack (IoA):

  • Use of trojans and ransomware
  • Spear-phishing emails
  • Deployment of custom malware
  • Command and Control (C2) server communications

Recent Activities and Trends:

  • Latest Campaigns: Lazarus Group was recently linked to a series of ransomware attacks against major manufacturers in the United States and Europe, aiming to disrupt supply chains and extract ransom payments.
  • Emerging Trends: The group has been observed shifting towards more financially motivated attacks, including targeting cryptocurrency exchanges and venture capital firms.

...

Also Known As: Group 77, Gods Disciples, Guardians of Peace, UNC577, UNC4899 (24 further aliases not shown on this page)

Target Countries: Hong Kong, India, Thailand, Bangladesh, Russian Federation (18 further countries not shown on this page)


Target Sectors: Public Administration, Space & Defense, Energy & Utilities, National Security & International Affairs, Electrical & Electronics Manufacturing (2 further sectors not shown on this page)


Associated Malware/Software: osx.manuscrypt, TrojanSpy, RustDoor, Windows, osx.casso (204 further entries not shown on this page). Entries such as "Windows" and "TrojanSpy" are platform and generic detection labels rather than malware family names; treat the list as aggregator output, not a curated family inventory.


Related CVEs: none listed on this page.

ATT&CK IDs: T1102 Web Service, T1060 Registry Run Keys / Startup Folder (revoked; now T1547.001), T1053.003 Cron, T1566.001 Spearphishing Attachment, TA0040 Impact (409 further IDs not shown in this summary; the full technique table follows)

Tactic | ID | Technique

Collection | T1213 | Data from Information Repositories
Collection | T1039 | Data from Network Shared Drive
Collection | T1557 | Adversary-in-the-Middle
Collection | T1025 | Data from Removable Media
Collection | T1056 | Input Capture
Collection | T1560 | Archive Collected Data
Collection | T1115 | Clipboard Data
Collection | T1074 | Data Staged
Collection | T1114 | Email Collection
Collection | T1125 | Video Capture
Collection | T1530 | Data from Cloud Storage
Collection | T1113 | Screen Capture
Collection | T1005 | Data from Local System
Collection | T1119 | Automated Collection

Command And Control | T1104 | Multi-Stage Channels
Command And Control | T1219 | Remote Access Software
Command And Control | T1572 | Protocol Tunneling
Command And Control | T1132 | Data Encoding
Command And Control | T1105 | Ingress Tool Transfer
Command And Control | T1568 | Dynamic Resolution
Command And Control | T1090 | Proxy
Command And Control | T1001 | Data Obfuscation
Command And Control | T1071 | Application Layer Protocol
Command And Control | T1573 | Encrypted Channel
Command And Control | T1008 | Fallback Channels
Command And Control | T1024 | Custom Cryptographic Protocol
Command And Control | T1102 | Web Service
Command And Control | T1095 | Non-Application Layer Protocol
Command And Control | T1571 | Non-Standard Port

Credential Access | T1552 | Unsecured Credentials
Credential Access | T1556 | Modify Authentication Process
Credential Access | T1557 | Adversary-in-the-Middle
Credential Access | T1187 | Forced Authentication
Credential Access | T1081 | Credentials in Files
Credential Access | T1111 | Multi-Factor Authentication Interception
Credential Access | T1056 | Input Capture
Credential Access | T1110 | Brute Force
Credential Access | T1139 | Bash History
Credential Access | T1555 | Credentials from Password Stores
Credential Access | T1040 | Network Sniffing
Credential Access | T1003 | OS Credential Dumping

Defense Evasion | T1027 | Obfuscated Files or Information
Defense Evasion | T1556 | Modify Authentication Process
Defense Evasion | T1089 | Disabling Security Tools
Defense Evasion | T1140 | Deobfuscate/Decode Files or Information
Defense Evasion | T1622 | Debugger Evasion
Defense Evasion | T1550 | Use Alternate Authentication Material
Defense Evasion | T1553 | Subvert Trust Controls
Defense Evasion | T1143 | Hidden Window
Defense Evasion | T1055 | Process Injection
Defense Evasion | T1542 | Pre-OS Boot
Defense Evasion | T1574 | Hijack Execution Flow
Defense Evasion | T1127 | Trusted Developer Utilities Proxy Execution
Defense Evasion | T1078 | Valid Accounts
Defense Evasion | T1220 | XSL Script Processing
Defense Evasion | T1064 | Scripting
Defense Evasion | T1202 | Indirect Command Execution
Defense Evasion | T1497 | Virtualization/Sandbox Evasion
Defense Evasion | T1112 | Modify Registry
Defense Evasion | T1221 | Template Injection
Defense Evasion | T1036 | Masquerading
Defense Evasion | T1070 | Indicator Removal
Defense Evasion | T1562 | Impair Defenses
Defense Evasion | T1480 | Execution Guardrails
Defense Evasion | T1107 | File Deletion
Defense Evasion | T1564 | Hide Artifacts
Defense Evasion | T1014 | Rootkit
Defense Evasion | T1134 | Access Token Manipulation
Defense Evasion | T1548 | Abuse Elevation Control Mechanism
Defense Evasion | T1218 | System Binary Proxy Execution
Defense Evasion | T1620 | Reflective Code Loading
Defense Evasion | T1656 | Impersonation
Defense Evasion | T1045 | Software Packing

Discovery | T1124 | System Time Discovery
Discovery | T1018 | Remote System Discovery
Discovery | T1012 | Query Registry
Discovery | T1016 | System Network Configuration Discovery
Discovery | T1622 | Debugger Evasion
Discovery | T1049 | System Network Connections Discovery
Discovery | T1083 | File and Directory Discovery
Discovery | T1087 | Account Discovery
Discovery | T1010 | Application Window Discovery
Discovery | T1497 | Virtualization/Sandbox Evasion
Discovery | T1063 | Security Software Discovery
Discovery | T1057 | Process Discovery
Discovery | T1082 | System Information Discovery
Discovery | T1518 | Software Discovery
Discovery | T1046 | Network Service Discovery
Discovery | T1007 | System Service Discovery
Discovery | T1040 | Network Sniffing
Discovery | T1614 | System Location Discovery
Discovery | T1135 | Network Share Discovery
Discovery | T1217 | Browser Information Discovery
Discovery | T1033 | System Owner/User Discovery

Execution | T1059 | Command and Scripting Interpreter
Execution | T1155 | AppleScript
Execution | T1053 | Scheduled Task/Job
Execution | T1559 | Inter-Process Communication
Execution | T1064 | Scripting
Execution | T1204 | User Execution
Execution | T1047 | Windows Management Instrumentation
Execution | T1072 | Software Deployment Tools
Execution | T1569 | System Services
Execution | T1106 | Native API
Execution | T1129 | Shared Modules
Execution | T1203 | Exploitation for Client Execution

Exfiltration | T1048 | Exfiltration Over Alternative Protocol
Exfiltration | T1011 | Exfiltration Over Other Network Medium
Exfiltration | T1567 | Exfiltration Over Web Service
Exfiltration | T1041 | Exfiltration Over C2 Channel
Exfiltration | T1022 | Data Encrypted
Exfiltration | T1002 | Data Compressed

Impact | T1490 | Inhibit System Recovery
Impact | T1498 | Network Denial of Service
Impact | T1531 | Account Access Removal
Impact | T1561 | Disk Wipe
Impact | T1485 | Data Destruction
Impact | T1499 | Endpoint Denial of Service
Impact | T1486 | Data Encrypted for Impact
Impact | T1565 | Data Manipulation
Impact | T1489 | Service Stop
Impact | T1491 | Defacement
Impact | T1529 | System Shutdown/Reboot
Impact | T1495 | Firmware Corruption
Impact | T1496 | Resource Hijacking

Initial Access | T1199 | Trusted Relationship
Initial Access | T1189 | Drive-by Compromise
Initial Access | T1078 | Valid Accounts
Initial Access | T1133 | External Remote Services
Initial Access | T1195 | Supply Chain Compromise
Initial Access | T1091 | Replication Through Removable Media
Initial Access | T1566 | Phishing
Initial Access | T1192 | Spearphishing Link
Initial Access | T1190 | Exploit Public-Facing Application

Lateral Movement | T1550 | Use Alternate Authentication Material
Lateral Movement | T1021 | Remote Services
Lateral Movement | T1017 | Application Deployment Software
Lateral Movement | T1563 | Remote Service Session Hijacking
Lateral Movement | T1091 | Replication Through Removable Media
Lateral Movement | T1072 | Software Deployment Tools
Lateral Movement | T1570 | Lateral Tool Transfer
Lateral Movement | T1210 | Exploitation of Remote Services
Lateral Movement | T1534 | Internal Spearphishing

Persistence | T1547 | Boot or Logon Autostart Execution
Persistence | T1556 | Modify Authentication Process
Persistence | T1031 | Modify Existing Service
Persistence | T1098 | Account Manipulation
Persistence | T1542 | Pre-OS Boot
Persistence | T1137 | Office Application Startup
Persistence | T1574 | Hijack Execution Flow
Persistence | T1053 | Scheduled Task/Job
Persistence | T1078 | Valid Accounts
Persistence | T1133 | External Remote Services
Persistence | T1136 | Create Account
Persistence | T1023 | Shortcut Modification
Persistence | T1505 | Server Software Component
Persistence | T1176 | Browser Extensions
Persistence | T1546 | Event Triggered Execution
Persistence | T1037 | Boot or Logon Initialization Scripts
Persistence | T1543 | Create or Modify System Process
Persistence | T1060 | Registry Run Keys / Startup Folder
Persistence | T1138 | Application Shimming

Privilege Escalation | T1547 | Boot or Logon Autostart Execution
Privilege Escalation | T1068 | Exploitation for Privilege Escalation
Privilege Escalation | T1098 | Account Manipulation
Privilege Escalation | T1055 | Process Injection
Privilege Escalation | T1574 | Hijack Execution Flow
Privilege Escalation | T1053 | Scheduled Task/Job
Privilege Escalation | T1078 | Valid Accounts
Privilege Escalation | T1546 | Event Triggered Execution
Privilege Escalation | T1037 | Boot or Logon Initialization Scripts
Privilege Escalation | T1543 | Create or Modify System Process
Privilege Escalation | T1134 | Access Token Manipulation
Privilege Escalation | T1548 | Abuse Elevation Control Mechanism
Privilege Escalation | T1138 | Application Shimming

Reconnaissance | T1591 | Gather Victim Org Information
Reconnaissance | T1595 | Active Scanning
Reconnaissance | T1592 | Gather Victim Host Information
Reconnaissance | T1589 | Gather Victim Identity Information
Reconnaissance | T1596 | Search Open Technical Databases
Reconnaissance | T1590 | Gather Victim Network Information
Reconnaissance | T1593 | Search Open Websites/Domains

Resource Development | T1583 | Acquire Infrastructure
Resource Development | T1608 | Stage Capabilities
Resource Development | T1586 | Compromise Accounts
Resource Development | T1587 | Develop Capabilities
Resource Development | T1585 | Establish Accounts
Resource Development | T1584 | Compromise Infrastructure
Resource Development | T1588 | Obtain Capabilities

Note on IDs: the table reproduces the identifiers as the page lists them, and it mixes current and legacy ATT&CK IDs. The following are revoked in current ATT&CK and were folded into newer techniques: T1060 -> T1547.001, T1081 -> T1552.001, T1139 -> T1552.003, T1089 -> T1562.001, T1143 -> T1564.003, T1107 -> T1070.004, T1045 -> T1027.002, T1063 -> T1518.001, T1155 -> T1059.002, T1192 -> T1566.002, T1017 -> T1072, T1031 -> T1543.003, T1023 -> T1547.009, T1138 -> T1546.011, T1024 -> T1573. T1064 (Scripting), T1022 (Data Encrypted) and T1002 (Data Compressed) are deprecated without a single successor (their behaviour is now covered by T1059/T1027 and T1560). Normalise these before loading the list into a detection-coverage or Navigator mapping, or the same behaviour will be counted twice (for example T1060 and T1547 both appear under Persistence above).

Total Count : 666
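The technique list above is only useful once it is machine-readable, and the legacy IDs it contains have to be normalised before the coverage is compared against a detection catalogue. The following is an added example written for this page, not code from the profile's publisher or from MITRE: it parses rows in the page's own "Tactic TID Technique" format (skipping the "Sub Techniques / Detections / Mitigations" widget residue the scrape interleaves), maps revoked IDs to their current ATT&CK IDs, de-duplicates per tactic, and emits an ATT&CK Navigator layer. The sample rows are constructed from the table above; the revoked-ID mapping and the Navigator version numbers are the editor's own assumptions drawn from the ATT&CK change logs, not from the page.

```python
"""Convert a scraped 'Tactic TID Technique' list into an ATT&CK Navigator layer,
normalising revoked technique IDs along the way."""
from __future__ import annotations

import json
import re

# Constructed sample input in the page's row format, including the widget
# residue lines a scrape leaves between rows.
SAMPLE_ROWS = """\
Tactic Id Technique
Persistence T1060 Registry Run Keys / Startup Folder
Sub Techniques
Detections
Mitigations
Persistence T1547 Boot or Logon Autostart Execution
Sub Techniques
Defense Evasion T1089 Disabling Security Tools
Defense Evasion T1562 Impair Defenses
Command And Control T1024 Custom Cryptographic Protocol
Initial Access T1192 Spearphishing Link
Initial Access T1566 Phishing
"""

# Assumption: revoked IDs seen on the page and the current IDs they were folded
# into, taken from the ATT&CK change logs (editor's mapping, not page content).
REVOKED = {
    "T1060": "T1547.001", "T1081": "T1552.001", "T1139": "T1552.003",
    "T1089": "T1562.001", "T1143": "T1564.003", "T1107": "T1070.004",
    "T1045": "T1027.002", "T1063": "T1518.001", "T1155": "T1059.002",
    "T1192": "T1566.002", "T1017": "T1072",     "T1031": "T1543.003",
    "T1023": "T1547.009", "T1138": "T1546.011", "T1024": "T1573",
}
# Deprecated with no single successor: kept as-is but flagged in the comment.
DEPRECATED_NO_SUCCESSOR = {"T1064", "T1022", "T1002"}

# A row is "<tactic words> <T####[.###]> <technique name>"; residue lines such as
# "Detections" or the "Tactic Id Technique" header carry no ID and do not match.
ROW_RE = re.compile(r"^(?P<tactic>[A-Za-z ]+?)\s+(?P<tid>T\d{4}(?:\.\d{3})?)\s+(?P<name>.+)$")


def tactic_slug(tactic: str) -> str:
    """'Command And Control' -> 'command-and-control', the Navigator tactic key."""
    return tactic.strip().lower().replace(" ", "-")


def parse_rows(text: str) -> list[dict]:
    """Return one dict per matching row; non-matching (residue) lines are dropped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"tactic": tactic_slug(m["tactic"]),
                         "tid": m["tid"], "name": m["name"].strip()})
    return rows


def normalise(rows: list[dict]) -> list[dict]:
    """Map revoked IDs to current ones and de-duplicate per (technique, tactic)."""
    seen: dict[tuple[str, str], dict] = {}
    for r in rows:
        tid = REVOKED.get(r["tid"], r["tid"])
        key = (tid, r["tactic"])
        if key in seen:
            continue  # same behaviour already recorded under this tactic
        comment = ""
        if r["tid"] in REVOKED:
            comment = f"page lists revoked {r['tid']} ({r['name']}); mapped to {tid}"
        elif r["tid"] in DEPRECATED_NO_SUCCESSOR:
            comment = f"{r['tid']} ({r['name']}) is deprecated in current ATT&CK"
        seen[key] = {"techniqueID": tid, "tactic": r["tactic"],
                     "score": 1, "comment": comment}
    return list(seen.values())


def build_layer(text: str, name: str = "Lazarus Group (profile page)") -> dict:
    """Assemble a Navigator layer (layer format 4.5 assumed) from scraped rows."""
    return {
        "name": name,
        "versions": {"layer": "4.5", "navigator": "4.9"},
        "domain": "enterprise-attack",
        "techniques": normalise(parse_rows(text)),
    }


if __name__ == "__main__":
    print(json.dumps(build_layer(SAMPLE_ROWS), indent=2))
```

Feed the whole technique table from the page into build_layer and write the JSON out; Navigator's "Open Existing Layer" will load it, with the comment field showing which cells came from revoked IDs. Scoring is binary here because the page gives no frequency data; keep it that way rather than inferring weights the source does not support.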


https://attack.mitre.org/groups/G0011
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/dark-river-you-can-t-see-them-but-they-re-there/
https://securelist.com/apt-trends-report-q1-2021/101967/
https://asec.ahnlab.com/en/56405/
https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds
https://www.bleepingcomputer.com/news/security/coinspaid-blames-lazarus-hackers-for-theft-of-37-300-000-in-crypto/
https://www.secureworks.com/research/threat-profiles/nickel-academy
https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/
https://www.youtube.com/watch?v=rjA0Vf75cYk
https://suspected.tistory.com/269
https://www.telsy.com/lazarus-gate/
https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages
https://blog.alyac.co.kr/2105
https://www.reversinglabs.com/blog/red-flags-fly-over-supply-chain-compromised-3cx-update
https://web.archive.org/web/20130607233212/https://www.symantec.com/connect/blogs/south-korean-financial-companies-targeted-castov
https://securelist.com/bluenoroff-methods-bypass-motw/108383/
https://us-cert.cisa.gov/ncas/alerts/aa21-048a
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-researchers-with-trojanized-ida-pro/
https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html
https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
https://norfolkinfosec.com/a-lazarus-keylogger-pslogger/
https://objective-see.com/blog/blog_0x54.html
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239a
https://objective-see.com/blog/blog_0x5F.html
https://www.flashpoint-intel.com/blog/linguistic-analysis-wannacry-ransomware/
https://www.secureworks.com/research/threat-profiles/bronze-fleetwood
https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Sugarcoating-KANDYKORN-a-sweet-dive-into-a-sophisticated-MacOS-backdoor.pdf
https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and
https://www.hvs-consulting.de/lazarus-report/
https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/
https://malverse.it/analisi-bankshot-copperhedge
https://labs.sentinelone.com/dprk-hidden-cobra-update-north-korean-malicious-cyber-activity/
https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and
https://www.secureworks.com/research/threat-profiles/aluminum-saratoga
https://www.linkedin.com/posts/alessio-di-santo-712348197_iocs-ttps-lazarusgroup-activity-7263976334807220224-N6Ue/
http://www.nartv.org/mirror/ghostnet.pdf
https://www.theguardian.com/world/2009/jul/08/south-korea-cyber-attack
https://unit42.paloaltonetworks.com/atoms/iron-taurus/
https://blogs.jpcert.or.jp/ja/2023/05/dangerouspassword.html
https://www.rapid7.com/blog/post/2023/03/30/backdoored-3cxdesktopapp-installer-used-in-active-threat-campaign/
https://www.bleepingcomputer.com/news/security/fbi-links-north-korean-hackers-to-308-million-crypto-heist/
https://community.broadcom.com/symantecenterprise/viewdocument/attackers-target-dozens-of-global-b
https://app.box.com/s/xyyord0b806e6or2nh92coxw2areyyx4
https://st.drweb.com/static/new-www/news/2021/april/drweb_research_attacks_on_russian_research_institutes_en.pdf
https://twitter.com/ESETresearch/status/1559553324998955010
https://attack.mitre.org/groups/G0082
https://blogs.vmware.com/security/2020/09/detecting-threats-in-real-time-with-active-c2-information.html
https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-brazil
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/the-hack-of-sony-pictures-what-you-need-to-know
https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
https://slowmist.medium.com/slowmist-our-in-depth-investigation-of-north-korean-apts-large-scale-phishing-attack-on-nft-users-362117600519
https://public.intel471.com/blog/partners-in-crime-north-koreans-and-elite-russian-speaking-cybercriminals/
https://therecord.media/3cx-attack-north-korea-lazarus-group
https://www.bankinfosecurity.com/vietnamese-bank-blocks-1-million-online-heist-a-9105
https://securelist.com/dtrack-targeting-europe-latin-america/107798/
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-048d
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
https://news.sophos.com/en-us/2019/09/18/the-wannacry-hangover/
https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023
https://securelist.com/lazarus-new-malware/115059/
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-048f
https://dragos.com/resource/covellite/
https://www.welivesecurity.com/2021/04/08/are-you-afreight-dark-watch-out-vyveva-new-lazarus-backdoor/
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
https://mega.nz/file/lkh1gY5C#93FUlwTwl0y27cfM0jtm4SYnWbtk06d0qoDg1e4eQ6s
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=f04ded49-5b0e-4422-9c6c-4c6e2ed7d3d3
https://asec.ahnlab.com/en/33801/
https://malwareandstuff.com/peb-where-magic-is-stored/
https://www.krcert.or.kr/filedownload.do?attach_file_seq=3277&attach_file_id=EpF3277.pdf
https://www.intezer.com/blog/malware-analysis/chinaz-relations/
https://blogs.jpcert.or.jp/en/2021/01/Lazarus_malware2.html
https://asec.ahnlab.com/en/60792/
https://www.bitdefender.com/files/News/CaseStudies/study/185/Bitdefender-Business-2017-WhitePaper-PZCHAO-crea2452-en-EN-GenericUse.pdf
https://www.youtube.com/watch?v=mrTdSdMMgnk
https://securelist.com/operation-applejeus-sequel/95596/
https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/WannaCry-Aftershock.pdf
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
https://blog.lexfo.fr/ressources/Lexfo-WhitePaper-The_Lazarus_Constellation.pdf
https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing
https://objective-see.org/blog/blog_0x73.html
https://sites.temple.edu/care/ci-rw-attacks/
https://research.checkpoint.com/north-korea-turns-against-russian-targets/
https://cyware.com/news/lazarus-hacking-group-expand-their-attack-horizon-by-targeting-an-israeli-defense-company-02e2ec77
https://www.anquanke.com/post/id/223817
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations
https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Tools-Report.pdf
https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/
https://blogs.jpcert.or.jp/en/2021/01/Lazarus_tools.html
https://www.nttsecurity.com/docs/librariesprovider3/default-document-library/craftypanda-analysis-report
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/lazarus-recruitment/
https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware-0
https://securingtomorrow.mcafee.com/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/
https://attack.mitre.org/groups/G0032/
https://mp.weixin.qq.com/s/2sV-DrleHiJMSpSCW0kAMg
https://www.malwarebytes.com/blog/news/2018/03/hermes-ransomware-distributed-to-south-koreans-via-recent-flash-zero-day
https://github.com/xl7dev/WebShell/blob/master/Asp/RedHat%20Hacker.asp
https://blog.netlab.360.com/dacls-the-dual-platform-rat/
https://thehackernews.com/2022/04/chinese-hackers-target-vmware-horizon.html
https://www.youtube.com/watch?v=uakw2HMGZ-I
https://medium.com/s2wlab/analysis-of-lazarus-malware-abusing-non-activex-module-in-south-korea-7d52b9539c12
https://www.fireeye.com/blog/threat-research/2016/06/apt_group_sends_spea.html
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf
https://securelist.com/bluenoroff-new-macos-malware/111290/
https://www.bloomberg.com/news/articles/2018-05-29/mexico-foiled-a-110-million-bank-heist-then-kept-it-a-secret
http://contagiodump.blogspot.com/2012/06/rat-samples-from-syrian-targeted.html
https://www.cfr.org/interactive/cyber-operations/lazarus-group
https://www.hhs.gov/sites/default/files/manage-engine-vulnerability-sector-alert-tlpclear.pdf
https://blogs.jpcert.or.jp/en/2022/07/vsingle.html
https://sansec.io/research/north-korea-magecart
https://www.virusbulletin.com/uploads/pdf/conference/vb2023/papers/Lazarus-campaigns-and-backdoors-in-2022-2023.pdf
https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
https://www.boho.or.kr/filedownload.do?attach_file_seq=2452&attach_file_id=EpF2452.pdf
https://storage.googleapis.com/pub-tools-public-publication-data/pdf/ce44cbda9fdc061050c1d2a5dec0270874a9dc85.pdf
https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-up-to-no-good-again/
https://blogs.blackberry.com/en/2023/03/initial-implants-and-network-analysis-suggest-the-3cx-supply-chain-operation-goes-back-to-fall-2022
https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
https://objective-see.com/blog/blog_0x57.html
https://www.darkreading.com/attacks-breaches/north-korean-hacking-group-steals-$135-million-from-indian-bank-/d/d-id/1332678
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/decoding-network-data-from-a-gh0st-rat-variant/
https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/
https://www.bleepingcomputer.com/news/security/us-seizes-sinbad-crypto-mixer-used-by-north-korean-lazarus-hackers/
https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug-180129.pdf
https://www.trendmicro.com/en_us/research/23/c/information-on-attacks-involving-3cx-desktop-app.html
https://www.secureworks.com/research/threat-profiles/bronze-edison
https://www.us-cert.gov/ncas/alerts/TA17-164A
https://www.newyorker.com/magazine/2021/04/26/the-incredible-rise-of-north-koreas-hacking-army
https://blog.macnica.net/blog/2020/11/dtrack.html
https://www.secureworks.com/research/threat-profiles/iron-viking
https://github.com/0xZuk0/rules-of-yaras/blob/main/reports/Wannacry%20Ransomware%20Report.pdf
https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html
https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/how-cybercriminals-abuse-cloud-tunneling-services
https://news.sophos.com/en-us/2021/03/15/dearcry-ransomware-attacks-exploit-exchange-server-vulnerabilities/
https://home.treasury.gov/index.php/news/press-releases/sm774
https://securelist.com/the-lazarus-group-deathnote-campaign/109490/
https://asec.ahnlab.com/ko/47751/
https://www.brighttalk.com/webcast/18282/493986
https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn
https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf
https://exchange.xforce.ibmcloud.com/threat-group/0c0c39d309b5c7f00a0a7edd54bb025e
https://st.drweb.com/static/new-www/news/2020/october/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en.pdf
https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf
https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388
https://web.archive.org/web/20200922165625/https://dcso.de/2019/03/18/enterprise-malware-as-a-service/
https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf
https://blog.sekoia.io/bluenoroffs-rustbucket-campaign/
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-G.PDF
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-108a
https://norfolkinfosec.com/dprk-targeting-researchers-ii-sys-payload-and-registry-hunting/
https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure
https://www.group-ib.com/blog/btc_changer
https://www.cisa.gov/news-events/analysis-reports/ar20-232a
https://securelist.com/lazarus-under-the-hood/77908/
https://youtu.be/_kzFNQySEMw?t=789
https://stairwell.com/wp-content/uploads/2022/07/Stairwell-Threat-Report-Maui-Ransomware.pdf
https://blog.sekoia.io/the-dprk-delicate-sound-of-cyber/
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/
https://www.splunk.com/en_us/blog/security/splunk-insights-investigating-the-3cxdesktopapp-supply-chain-compromise.html
https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophoslabs-cloud-snooper-report.pdf
https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf
https://web.archive.org/web/20130701021735/https://www.symantec.com/connect/blogs/four-years-darkseoul-cyberattacks-against-south-korea-continue-anniversary-korean-war
https://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/
https://www.bleepingcomputer.com/news/security/north-korean-hackers-linked-to-defense-sector-supply-chain-attack/
https://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks
https://brandefense.io/blog/apt-groups/mythic-leopard-apt-group/
https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity
https://www.us-cert.gov/ncas/analysis-reports/ar20-045f
https://twitter.com/ccxsaber/status/1277064824434745345
https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
https://www.group-ib.com/blog/3cx-supply-chain-attack/
https://www.dropbox.com/s/hpr9fas9xbzo2uz/Whitepaper%20WannaCry%20Ransomware.pdf?dl=0
https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/
https://blog.gdatasoftware.com/2017/05/29751-wannacry-ransomware-campaign
https://any.run/cybersecurity-blog/darkcomet-rat-technical-analysis/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/clasiopa-materials-research
https://attack.mitre.org/groups/G0034
https://www.us-cert.gov/ncas/alerts/TA14-353A
https://www.us-cert.gov/ncas/analysis-reports/ar20-045d
https://blog.nviso.eu/2022/02/24/threat-update-ukraine-russia-tensions/
https://securelist.com/apt-trends-report-q3-2020/99204/
https://www.youtube.com/watch?v=9nuo-AGg4p4
https://www.us-cert.gov/ncas/current-activity/2020/05/12/north-korean-malicious-cyber-activity
https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/
https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dissecting-operation-troy.pdf
http://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.html
https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf
https://www.microsoft.com/en-us/security/blog/2022/09/29/zinc-weaponizing-open-source-software/
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-048e
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/
https://securityintelligence.com/posts/defensive-considerations-lazarus-fudmodule/
https://blog.prevailion.com/2020/06/the-gh0st-remains-same8.html
https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-040a
https://www.bleepingcomputer.com/news/security/debridge-finance-crypto-platform-targeted-by-lazarus-hackers/
https://www.prevailion.com/the-gh0st-remains-the-same-2/
https://www.us-cert.gov/ncas/analysis-reports/AR18-221A
https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-latin-american-financial-organizations-again/
https://www.zscaler.com/security-research/3CX-supply-chain-attack-analysis-march-2023
https://www.virusbulletin.com/uploads/pdf/magazine/2018/VB2018-Kalnai-Poslusny.pdf
https://blogs.jpcert.or.jp/en/2022/07/yamabot.html
https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA%3D%3D&mid=2247499462&idx=1&sn=7cc55f3cc2740e8818648efbec21615f
https://asec.ahnlab.com/en/57736/
https://securityscorecard.com/wp-content/uploads/2025/02/Operation-Marstech-Mayhem-Report_021025_03.pdf
https://www.youtube.com/watch?v=fTX-vgSEfjk
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/
https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-F.pdf
https://news.sophos.com/en-us/2022/03/17/the-ransomware-threat-intelligence-center/
https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf
https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability
https://securityscorecard.com/wp-content/uploads/2025/01/Operation-Phantom-Circuit-Report_012725_03.pdf
https://asec.ahnlab.com/ko/22975/
https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new
https://unit42.paloaltonetworks.com/operation-diplomatic-specter/
https://github.com/fboldewin/FastCashMalwareDissected/
https://blogs.vmware.com/security/2021/12/tigerrat-advanced-adversaries-on-the-prowl.html
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
https://www.bleepingcomputer.com/news/security/fbi-links-largest-crypto-hack-ever-to-north-korean-hackers/
https://blog.netlab.360.com/dacls-the-dual-platform-rat-en/
https://www.bankinfosecurity.com/south-korea-sanctions-pyongyang-hackers-a-21193
http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf
https://www.comae.com/posts/pandorabox-north-koreans-target-security-researchers/
https://jsac.jpcert.or.jp/archive/2024/pdf/JSAC2024_1_6_dongwook-kim_seulgi-lee_en.pdf
https://www.youtube.com/watch?v=zGvQPtejX9w
https://github.com/dodo-sec/Malware-Analysis/blob/main/SmoothOperator/SmoothOperator.md
https://twitter.com/X__Junior/status/1743193763000828066
https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=5b9850b9-0fdd-48a9-b595-9234207ae7df&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments
https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/
https://lifars.com/wp-content/uploads/2021/09/Lazarus.pdf
https://asec.ahnlab.com/ko/40495/