Engage Report for new Lazarus malware

The Lazarus group targeted employees of a nuclear-related organization with phishing emails containing malicious archive files. The emails were disguised as job opportunities at prominent aerospace and defense companies, aiming to trick the victims into opening the malicious attachments.

Undetected Playground for Malware

  • Threat actors embedded malicious GDScript code within the Godot Engine, a legitimate piece of software.
  • Upon execution of the Godot Engine, the GDScript is loaded, which then downloads and executes a malicious payload.
  • This technique has been successful in remaining undetected by most antivirus tools.

Image-Based Malware Delivery

Goal: Deliver deceptive payloads or disrupt attacker operations through manipulated images.

Approach: Hiding malicious or disruptive code within images.

Embed malicious or disruptive code within images that are designed to be downloaded or processed by attackers. This code can trigger alerts, collect information about the attacker’s environment, or even disrupt their tools and infrastructure.

Symbolic Execution-Based Parameter Extraction

Goal: Gather comprehensive information about malware behavior and identify potential deception parameters.

Approach: Deep analysis of malware using symbolic execution.

This element utilizes symbolic execution to analyze malware behavior and extract potential deception parameters. By exploring multiple execution paths, it can reveal hidden behaviors and identify critical system configurations that can be manipulated for deception,
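As an added illustration (not part of this report or of any analysis tool it describes), the following Python is a toy symbolic path explorer: it walks every feasible branch of a constructed environment-check model, solves the path condition for each, and reports which planted facts steer the sample away from its payload stage. The branching logic, fact names and values are assumptions made up for the demonstration, not behaviour of a real sample.

```python
"""Toy symbolic path exploration over a model of environment checks."""

# Each node is ("if", fact, expected_value, then_node, else_node) or ("do", action).
# Constructed sample: three anti-analysis checks guarding a payload download.
# These facts and values are illustrative assumptions, not real malware logic.
SAMPLE_LOGIC = (
    "if", "hostname", "SANDBOX-PC",
    ("do", "exit"),
    ("if", "vm_tools_present", "yes",
     ("do", "exit"),
     ("if", "registry_marker", "present",
      ("do", "exit"),
      ("do", "download_payload"))))


def satisfiable(constraints):
    """Tiny solver for a conjunction of fact == v (taken) and fact != v (not taken)."""
    eq, neq = {}, {}
    for fact, value, taken in constraints:
        if taken:
            if eq.setdefault(fact, value) != value:   # two different equalities
                return False
        else:
            neq.setdefault(fact, set()).add(value)
    return all(eq.get(fact) not in values for fact, values in neq.items())


def witness(constraints):
    """Concrete environment that satisfies a consistent path condition."""
    env, excluded = {}, {}
    for fact, value, taken in constraints:
        if taken:
            env[fact] = value
        else:
            excluded.setdefault(fact, []).append(value)
    for fact, values in excluded.items():            # facts only constrained by !=
        env.setdefault(fact, "not in " + repr(sorted(values)))
    return env


def explore(node, constraints=()):
    """Depth-first enumeration of every feasible path: yields (action, env)."""
    if node[0] == "do":
        yield node[1], witness(constraints)
        return
    _, fact, expected, then_node, else_node = node
    for taken, branch in ((True, then_node), (False, else_node)):
        path = constraints + ((fact, expected, taken),)
        if satisfiable(path):                        # prune infeasible paths
            yield from explore(branch, path)


def deception_parameters(logic, unwanted="download_payload"):
    """Environments a defender could present so the sample never reaches `unwanted`."""
    return [env for action, env in explore(logic) if action != unwanted]
```

Running `deception_parameters(SAMPLE_LOGIC)` lists one environment per benign path, each naming the single fact a defender would need to plant to keep the modelled sample from downloading its payload.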