lazarusholic

North Korea Turns Against New Targets?!

2019-02-19, Checkpoint
https://research.checkpoint.com/north-korea-turns-against-russian-targets/

Contents

Introduction
Over the past few weeks, we have been monitoring suspicious activity directed against Russian-based companies that exposed a predator-prey relationship that we had not seen before. For the first time we were observing what seemed to be a coordinated North Korean attack against Russian entities. While attributing attacks to a certain threat group or another is problematic, the analysis below reveals intrinsic connections to the tactics, techniques and tools used by the North Korean APT group – Lazarus.
This discovery came about as we were tracking multiple malicious Office documents that were designed and crafted specifically for Russian victims. Upon closer examination of these documents, we were able to discern that they belonged to the early stages of an infection chain which ultimately led to an updated variant of a versatile Lazarus backdoor, dubbed KEYMARBLE by the US-CERT.
Sometimes referred to as Hidden Cobra, Lazarus is one of the most prevalent and …

IoC
