Catching Lazarus: Threat Intelligence to Real Detection Logic - Part Two
By Guillaume Couchard, Qimin Wang and Thiam Loong Siew on 23 October, 2020
Introduction
In this second blog post, we continue to share actionable detection insights that blue teams can use to defend their organizations against the Lazarus Group, an Advanced Persistent Threat (APT) actor. As discussed in the first part of this blog series [1], these detection insights are derived from intelligence contained in a recent report [2] released by the F-Secure Threat Intelligence (TI) Team. From the TI report, we know that the Lazarus Group employed techniques spanning many tactics of the MITRE ATT&CK® Matrix [3] in their attack. The first blog post covered three phases, Initial Access, Execution, and Persistence, and discussed part of the Defense Evasion phase.
The remaining techniques in the defense evasion phase will be covered in this blog post, as well as the Credential Access, Lateral Movement and …