APT_REPORT/lazarus at master · blackorbird/APT_REPORT · GitHub

Name		Name	Last commit message	Last commit date
parent directory ..
3CXSupplyChain		3CXSupplyChain
MATA		MATA
sample		sample
20231013_Lazarus_OP.Dream_Magic.pdf		20231013_Lazarus_OP.Dream_Magic.pdf
C2_Communication_of_ThreatNeedle.pdf		C2_Communication_of_ThreatNeedle.pdf
CryptoCore-Lazarus-Clearsky.pdf		CryptoCore-Lazarus-Clearsky.pdf
Dream-Job-Campaign.pdf		Dream-Job-Campaign.pdf
Dtrack RAT.zip		Dtrack RAT.zip
Lazarus Group Recruitment_ Threat Hunters vs Head Hunters.pdf		Lazarus Group Recruitment_ Threat Hunters vs Head Hunters.pdf
Operation-Blockbuster-Report.pdf		Operation-Blockbuster-Report.pdf
README.MD		README.MD
The Nightmare of Global Cryptocurrency Companies DangerousPassword of the APT Organization.pdf		The Nightmare of Global Cryptocurrency Companies DangerousPassword of the APT Organization.pdf
The_Lazarus_Constellation.pdf		The_Lazarus_Constellation.pdf
WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf		WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf
kaspersky-ics-cert-lazarus-targets-defense-industry-with-threatneedle-en-20210225.pdf		kaspersky-ics-cert-lazarus-targets-defense-industry-with-threatneedle-en-20210225.pdf
lazarus-powershell.zip		lazarus-powershell.zip
lazarus-threat-intel-report2.pdf		lazarus-threat-intel-report2.pdf
multiple campaigns of the Lazarus group and their connections.pdf		multiple campaigns of the Lazarus group and their connections.pdf
uscert.txt		uscert.txt

README.MD

Summary Report

2023.10.16

Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malwares

https://asec.ahnlab.com/en/57685/

2023.8.15

Lazarus Group Launches First Open Source Supply Chain Attacks Targeting Crypto Sector.

https://twitter.com/blackorbird/status/1691345881310928896

2023.5.12

Attack Trends Related to DangerousPassword

https://blogs.jpcert.or.jp/en/2023/05/dangerouspassword.html

2022.12

BlueNoroff introduces new methods bypassing MoTW

https://securelist.com/bluenoroff-methods-bypass-motw/108383/

2021.11

https://twitter.com/ESETresearch/status/1458438155149922312

A8EF73CC67C794D5AA860538D66898868EE0BEC0

DE0E23DB04A7A780A640C656293336F80040F387

2021.4

https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/lazarus-recruitment/

2021.Security Researcher

https://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/

https://enki.co.kr/blog/2021/02/04/ie_0day.html

https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/

https://medium.com/s2wlab/analysis-of-threatneedle-c-c-communication-feat-google-tag-warning-to-researchers-782aa51cf74

https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/

https://mp.weixin.qq.com/s/W-C_tKVnXco8C3ctgAjoNQ

https://mp.weixin.qq.com/s/UBD0hyXUooYuDrpsz8-MtQ

2019.09.24

Dtrack RAT

sample password：infected

https://securelist.com/my-name-is-dtrack/93338/

8f360227e7ee415ff509c2e443370e56

3a3bad366916aa3198fd1f76f3c29f24

F84de0a584ae7e02fb0ffe679f96db8d

2019.09.23

related

https://twitter.com/cyberwar_15/status/1175940165425958912

sample password：infected

#Lazarus #Powershell

92.222.106[.]229

158.69.57[.]135

79d09d46fd66085587afca579557bc89

50ca734bfba54ed33af469537b5e22c1

17f0f148f53968effcb42230518aeb67

8b51170fc6ecbea6b8496c8a8a8e4f1a