From 8077d27732ef0f4d82ad857cf30f8445376e74f7 Mon Sep 17 00:00:00 2001
From: blackorbird <14833213+blackorbird@users.noreply.github.com>
Date: Fri, 6 Sep 2024 14:01:33 +0800
Subject: [PATCH] Create FudModule
---
lazarus/FudModule | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 lazarus/FudModule
diff --git a/lazarus/FudModule b/lazarus/FudModule
new file mode 100644
index 0000000..b223791
--- /dev/null
+++ b/lazarus/FudModule
@@ -0,0 +1,15 @@
+https://asec.ahnlab.com/wp-content/uploads/2022/09/Analysis-Report-on-Lazarus-Groups-Rootkit-Attack-Using-BYOVD_Sep-22-2022.pdf
+
+https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/
+
+https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Lazarus-and-BYOVD-evil-to-the-Windows-core.pdf
+
+https://asec.ahnlab.com/ko/40495/
+
+https://securityintelligence.com/posts/direct-kernel-object-manipulation-attacks-etw-providers/
+
+https://www.mandiant.com/resources/blog/lightshift-and-lightshow
+
+https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
+
+https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/