LolZarus: Lazarus Group Incorporating Lolbins into Campaigns
Last updated on: December 23, 2022
Qualys Threat Research has identified a new Lazarus campaign using employment phishing lures targeting the defence sector. The identified variants target job applicants for Lockheed Martin. This blog details the markers of this campaign, including macro content, campaign flow and phishing themes of our identified variants and older variants that have been attributed to Lazarus by other vendors.
The Qualys Research Team recently identified a new Lazarus campaign using employment phishing lures targeting the defence sector. The identified variants target job applicants for Lockheed Martin Corporation, which is an American aerospace, arms, defence, information security, and technology corporation. This is thematically similar to other observed variants where Lazarus has posed as defence companies like Northrop Grumman and BAE Systems with job openings. We refer to this campaign as “LolZarus” due to the use of different lolbins in observed …
IoC