Lazarus

Description

(US-CERT) This submission includes four unique files. The first is an installer for additional malware: a Remote Access Trojan (RAT) and a malicious Dynamic Link Library (DLL) that functions as a Server Message Block (SMB) Worm. The fourth file is another SMB worm in the form of a Windows 32-bit executable.

Both SMB worms attempt to spread locally and to random IP addresses on the public Internet by attempting to brute force vulnerable systems using a built-in list of common passwords. The RAT included with the SMB worm provides the attacker with the ability to deliver additional malware, run local commands, and exfiltrate data.

Names

  • Lazarus
  • HIDDEN COBRA RAT/Worm

Category

Malware

Type

  • Backdoor
  • Worm
  • Downloader
  • Info stealer
  • Exfiltration

Information

Other Information

Uuid

a9a4e1b1-d1fd-446f-9ea9-fa4a62f9a48a

Last Card Change

2020-04-20