Summary Report

2022.12 BlueNoroff introduces new methods bypassing MoTW
https://securelist.com/bluenoroff-methods-bypass-motw/108383/

2021.11
https://twitter.com/ESETresearch/status/1458438155149922312
A8EF73CC67C794D5AA860538D66898868EE0BEC0
DE0E23DB04A7A780A640C656293336F80040F387

2021.4
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/lazarus-recruitment/

2021.Security Researcher
https://blog.google/threat-analysis-group/update-campaign-targeting-security-researchers/
https://enki.co.kr/blog/2021/02/04/ie_0day.html
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/
https://medium.com/s2wlab/analysis-of-threatneedle-c-c-communication-feat-google-tag-warning-to-researchers-782aa51cf74
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
https://mp.weixin.qq.com/s/W-C_tKVnXco8C3ctgAjoNQ
https://mp.weixin.qq.com/s/UBD0hyXUooYuDrpsz8-MtQ

2019.09.24 Dtrack RAT
sample password:infected
https://securelist.com/my-name-is-dtrack/93338/
8f360227e7ee415ff509c2e443370e56
3a3bad366916aa3198fd1f76f3c29f24
F84de0a584ae7e02fb0ffe679f96db8d

2019.09.23 related
https://twitter.com/cyberwar_15/status/1175940165425958912
sample password:infected
#Lazarus #Powershell
92.222.106[.]229
158.69.57[.]135
79d09d46fd66085587afca579557bc89
50ca734bfba54ed33af469537b5e22c1
17f0f148f53968effcb42230518aeb67
8b51170fc6ecbea6b8496c8a8a8e4f1a