CyberThreatIntel/North Korea/APT/Lazarus/23-10-19/analysis.md

A Look into the Lazarus Group's Operations in October 2019

Table of Contents

• Malware analysis
• Cyber kill chain
• Indicators Of Compromise (IOC)
• References MITRE ATT&CK Matrix
• Links
  • Original Tweet
  • Link Anyrun
  • External analysis

Malware analysis

Cyber kill chain

The process graphs resume all the cyber kill chains used by the attacker.

References MITRE ATT&CK Matrix

List of all the references with MITRE ATT&CK Matrix

Enterprise tactics	Technics used	Ref URL

Indicators Of Compromise (IOC)

List of all the Indicators Of Compromise (IOC)

Indicator	Description

This can be exported as JSON format Export in JSON

Links

Original tweet:

• https://twitter.com/RedDrip7/status/1186562944311517184
• https://twitter.com/Rmy_Reserve/status/1188235835956551680
• https://twitter.com/a_tweeter_user/status/1188811977851887616
• https://twitter.com/spider_girl22/status/1187288313285079040
• https://twitter.com/objective_see/status/1187094701729443840

Links Anyrun:

• 6850189bbf5191a76761ab20f7c630ef.xls
• JD-HAL-Manager.doc
• public.dll
• CES2020 참관단.hwp
• 6850189bbf5191a76761ab20f7c630ef.xls

External analysis:

• Analysis of Powershell malware of Lazarus group
• Cryptocurrency businesses still being targeted by Lazarus