2022-2024 North Korea Citrine Sleet/Lazarus FUDMODULE (BYOVD) Rootkit Samples
Contents
2024-08-30 Microsoft: North Korean threat actor Citrine Sleet exploiting Chromium zero-day
2024-03-01 Lazarus group operations — A deep dive into FudModule Rootkit by Lucas Mancilha
Download. Email me if you need the password scheme.
File Information
├── 2022-09-22 Ahnlab
│ └── cbd1634cf7c638f2faf5e3ec79137db6704ec9de8df798fc46aeeed38de3da9b dll
├── 2022-09-30 ESET
│ └── 0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5 DBUtil 2 3 Sys
├── 2024-04-18 Avast GenDigital Blackhat Asia
│ ├── 381d3ba5fd446e53f1c71f05a2b97124382146b4c7f28884174334db7b347219 dll
│ ├── 4b1cba57928e02665be444a51937228c4d7315ff5e08c13a03bd7c77eebdcf5e dll
│ └── d9add2bfdfebfa235575687de356f0cefb3e4c55964c4cb8bfdcdc58294eeaca DSROLE DLL
└── Other
    └── cbd1634cf7c638f2faf5e3ec79137db6704ec9de8df798fc46aeeed38de3da9b BYOVDBYOVDRootkit