T1083 | lazarus.day

#T1083 File and Directory Discovery

Technique

Tactics: Discovery
Description:
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Many command shell utilities can be used to obtain this information. Examples include dir, tree, ls, find, and locate.(Citation: Windows Commands JPCERT) Custom tools may also be used to gather file and directory information and interact with the Native API. Adversaries may also leverage a Network Device CLI on network devices to gather file and directory information (e.g. dir, show flash, and/or nvram).(Citation: US-CERT-TA18-106A)

Some files and directories may require elevated or specific user permissions to access.
First Seen: Lazarus Group • 2017-05-31

MITRE ATT&CK

76

Tagged Reports
40

Unique Authors
3,317

Active Days

Tagged Reports

2022-04-11

Cluster25

DPRK-NEXUS ADVERSARY TARGETS SOUTH-KOREAN INDIVIDUALS IN A NEW CHAPTER OF KITTY PHISHING OPERATION

#KittyPhishing #T1573 #T1562.001 #T1203 #T1036 #T1106 #T1059.005 #T1027.002 #T1071 #T1568 #T1057 #T1082 #T1406 #T1518.001 #T1221 #T1566.001 #T1006 #T1547.001 #T1560 #T1105 #T1083 #T1497 #T1566.002

2022-03-31

Kaspersky

Lazarus Trojanized DeFi app for delivering malware

#DeFi #T1070.004 #T1083 #T1041 #T1124 #T1204.002 #T1573.001 #T1547.001 #T1071.001 #T1070.006 #T1057 #T1082 #Lazarus

2021-12-02

SOCRadar

APT Profile: Who is Lazarus Group?

#Lazarus #T1090.001 #T1134.002 #T0865 #T1562.001 #T1543.003 #T1059.003 #T1074.001 #T1553.002 #T1485 #T1614.001 #T1591 #T1218.011 #T1620 #T1078 #T1587.001 #T1027.007 #T1010 #T1571 #T1090.002 #T1542.003 #T1583.001 #T1033 #T1497.001 #T1560.002 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1566.003 #T1027.002 #T1562.004 #T1529 #T1049 #T1140 #T1585.001 #T1005 #T1053.005 #T1564.001 #T1608.001 #T1105 #T1046 #T1491.001 #T1055.001 #T1070 #T1589.002 #T1036.005 #T1110 #T1547.009 #T1489 #T1110.003 #T1534 #T1047 #T1588.004 #T1104 #T1036.003 #T1591.004 #T1001.003 #T1057 #T1082 #T1561.002 #T1566.001 #T1561.001 #T1574.013 #T1573.001 #T1608.002 #T1585.002 #T1218 #T1588.002 #T1036.004 #T1204.001 #T1041 #T1560 #T1202 #T1071.001 #T1218.005 #T1059.001 #T1593.001 #T1189 #T1124 #T1056.001 #T1070.006 #T1008 #T1102.002 #T1048.003 #T1583.006 #T1221 #T1557.001 #T1098 #T1547.001 #T1567.002 #T1584.004 #T1087.002 #T1070.004 #T1560.003 #T1070.003 #T1583.004 #T1132.001 #T1588.003 #T1021.002 #T1204.002 #T1220 #T1574.002 #T1083 #T1566.002 #T1021.001 #T1021.004 #T1584.001

2021-11-04

NSHC

Threat Actor targeted attack against Finance and Investment industry

#T1036 #T1043 #T1106 #T1102 #T1071 #T1143 #T1082 #T1119 #T1221 #T1049 #T1193 #T1005 #T1041 #T1020 #T1105 #T1083 #T1064 #T1204 #T1059

2021-06-01

Malwarebytes

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

#Kimsuky #AppleSeed #T1025 #T1134 #T1027 #T1082 #T1566.001 #T1547.001 #T1140 #T1585.002 #T1598 #T1583 #T1585.001 #T1005 #T1059.007 #T1587.001 #T1070.004 #T1041 #T1113 #T1560 #T1071.001 #T1218.010 #T1112 #T1083 #T1059.001 #T1056.001 #T1001

2021-02-28

PWC

Cyber Threats 2020: A Year in Retrospect

#AppleSeed #VeraPort #ShowState #BlackArtemis #BlackBanshee #BlackShoggoth #T1036 #T1068 #T1027 #T1071 #T1057 #T1082 #T1221 #T1187 #T1566 #T1547.001 #T1140 #T1005 #T1070.004 #T1041 #T1195 #T1083 #T1490 #T1486 #T1056.001 #T1133 #T1204 #T1059 #T1489

2021-02-25

Kaspersky

Lazarus targets defense industry with ThreatNeedle

#ThreatNeedle #Defense #Lazarus #T1090.001 #T1016 #T1104 #T1036.003 #T1560.001 #T1543.003 #T1132.002 #T1057 #T1082 #T1059.003 #T1070.002 #T1557.001 #T1572 #T1547.001 #T1135 #T1049 #T1140 #T1036.004 #T1070.004 #T1041 #T1070.003 #T1021.002 #T1204.002 #T1071.001 #T1112 #T1083 #T1007 #T1033 #T1566.002 #T1569.002

2020-10-27

USCISA

North Korean Advanced Persistent Threat Focus: Kimsuky

#Kimsuky #T1562.004 #T1082 #T1548.002 #T1550.002 #T1566.001 #T1074.001 #T1573.001 #T1547.001 #T1070.004 #T1505.003 #T1219 #T1560 #T1055 #T1547 #T1059.006 #T1083 #T1218.005 #T1059.001 #T1040 #T1189 #T1546.001 #T1056.001 #T1566.002 #T1021.001 #T1114.003 #T1185 #T1003

2020-08-26

USCISA

FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

#BeagleBoyz #FASTCash2 #T1190 #T1562.001 #T1565.002 #T1543.003 #T1552.004 #T1056 #T1119 #T1565.003 #T1553.002 #T1485 #T1199 #T1021 #T1078 #T1010 #T1014 #T1574.001 #T1033 #T1203 #T1036 #T1012 #T1016 #T1059.005 #T1106 #T1027 #T1102 #T1071 #T1053.004 #T1027.005 #T1049 #T1140 #T1005 #T1129 #T1105 #T1110 #T1095 #T1489 #T1569.002 #T1573 #T1057 #T1082 #T1561.002 #T1518.001 #T1566.001 #T1548.003 #T1090 #T1041 #T1219 #T1560 #T1202 #T1562.003 #T1059.001 #T1189 #T1204 #T1070.006 #T1059 #T1101 #T1565.001 #T1056.004 #T1098 #T1547.001 #T1053.003 #T1562.006 #T1070.004 #T1505.003 #T1070.003 #T1113 #T1132.001 #T1020 #T1021.002 #T1218.001 #T1055 #T1087 #T1115 #T1083 #T1053 #T1486 #T1133 #T1021.001 #T1217

2020-08-18

With Secure

Lazarus group Campaign Targeting The Cryptocurrency Vertical

#Cryptocurrency #Whitepaper #YARA #Lazarus #T1059.005 #T1566.003 #T1552.001 #T1543.003 #T1027.002 #T1059.003 #T1003.001 #T1021.005 #T1070.004 #T1053.005 #T1078.002 #T1055.002 #T1070.001 #T1071.001 #T1112 #T1547.005 #T1083 #T1218.005 #T1059.001 #T1021.001

2020-08-14

USCISA

Phishing Emails Used to Deploy KONNI Malware

#Phishing #Konni #T1134.002 #T1016 #T1048.003 #T1057 #T1082 #T1548.002 #T1059.003 #T1566.001 #T1218.011 #T1547.001 #T1140 #T1070.004 #T1113 #T1132.001 #T1105 #T1071.001 #T1112 #T1115 #T1083 #T1059.001 #T1033 #T1036.005 #T1056.001 #T1555.003 #T1547.009 #T1546.015

2020-07-16

ESET

Mac cryptocurrency trading application rebranded, bundled with malware

#Cryptocurrency #GMERA #T1159 #T1005 #T1139 #T1083 #T1518 #T1539 #T1497 #T1065 #T1113 #T1043 #T1040 #T1116 #T1048 #T1204 #T1059 #T1082

2020-02-25

Sentinel One

DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity

#HiddenCobra #T1012 #T1043 #T1016 #T1027 #T1050 #T1048 #T1065 #T1057 #T1056 #T1082 #T1024 #T1090 #T1005 #T1193 #T1041 #T1105 #T1132 #T1055 #T1060 #T1083 #T1064 #T1124 #T1033 #T1074 #T1204 #T1003

2019-08-26

MITRE

Kimsuky

#Kimsuky #G0094 #T1136 #T1589 #T1562 #T1534 #T1190 #T1593 #T1036 #T1012 #T1608 #T1587 #T1550 #T1543 #T1016 #T1027 #T1114 #T1567 #T1102 #T1071 #T1057 #T1056 #T1082 #T1176 #T1566 #T1111 #T1591 #T1098 #T1585 #T1021 #T1553 #T1584 #T1140 #T1218 #T1598 #T1546 #T1583 #T1005 #T1552 #T1078 #T1518 #T1505 #T1041 #T1219 #T1560 #T1555 #T1564 #T1105 #T1588 #T1547 #T1070 #T1112 #T1557 #T1083 #T1055 #T1594 #T1007 #T1053 #T1040 #T1133 #T1586 #T1074 #T1204 #T1059 #T1003

2019-01-29

MITRE

APT38

#G0082 #APT38 #T1562 #T1543 #T1106 #T1027 #T1071 #T1057 #T1056 #T1082 #T1566 #T1529 #T1485 #T1135 #T1049 #T1218 #T1005 #T1518 #T1505 #T1561 #T1105 #T1588 #T1565 #T1115 #T1070 #T1112 #T1083 #T1053 #T1486 #T1189 #T1569 #T1033 #T1110 #T1204 #T1059 #T1217

« Back