Lazarus Group Uses the DLL Side-Loading Technique (2)
Contents
Through the “Lazarus Group Uses the DLL Side-Loading Technique” [1] blog post, AhnLab SEcurity intelligence Center(ASEC) has previously covered how the Lazarus group used the DLL side-loading attack technique using legitimate applications in the initial access stage to achieve the next stage of their attack process. This blog post will cover the added DLL variants and their verification routine for the targets.
The Lazarus group is an APT group that targets South Korean companies, institutions, think tanks, and others. On January 12, 2024, a new legitimate program for DLL side-loading (T1574.002 Hijack Execution Flow: DLL side-loading), a technique commonly used by the Lazarus group to execute malware, was discovered through AhnLab Smart Defense (ASD).
The threat actor typically uses the DLL side-loading technique in the initial access and malware execution stages. This method saves a legitimate application and a malicious DLL in the same folder path so that the malicious DLL is …
The Lazarus group is an APT group that targets South Korean companies, institutions, think tanks, and others. On January 12, 2024, a new legitimate program for DLL side-loading (T1574.002 Hijack Execution Flow: DLL side-loading), a technique commonly used by the Lazarus group to execute malware, was discovered through AhnLab Smart Defense (ASD).
The threat actor typically uses the DLL side-loading technique in the initial access and malware execution stages. This method saves a legitimate application and a malicious DLL in the same folder path so that the malicious DLL is …
IoC
21def97a3c5b95df1e1aeb6486881656
edca71eda8650a2c591c37c780b6a0c5
edca71eda8650a2c591c37c780b6a0c5