Tag
Lazarus Group's Brandjacking Campaign on npm Delivers Persistent Node.js Backdoor
3 rules 5 TTPs 1 IOCThe Lazarus Group is conducting a brandjacking campaign on npm, using dozens of malicious packages like 'buffer-utilities' to deploy a Node.js backdoor that collects host information, establishes C2 communication, and maintains persistent attacker-controlled code execution, primarily targeting developers.
Drift Protocol $280M Crypto Theft Linked to North Korean Hackers
2 rules 1 TTPThe Drift Protocol suffered a $280 million crypto theft orchestrated by North Korean hackers who spent six months building an in-person operational presence within the Drift ecosystem, engaging with contributors at crypto conferences and via Telegram.
Lazarus Group's Dacls RAT Targets macOS
3 rules 3 TTPs 1 CVE 2 IOCsThe Lazarus Group is distributing a new variant of the Dacls RAT targeting macOS systems via a trojanized application, installing a hidden executable and attempting persistence.
Lazarus Group's AppleJeus macOS Backdoor via JMT Trader
2 rules 2 TTPs 3 IOCsThe Lazarus APT group is distributing a macOS backdoor named AppleJeus via a fake cryptocurrency trading application called JMT Trader, persisting through a launch daemon and communicating with the C&C server beastgoc.com.
Lazarus Group Macloader Malware Analysis and Repurposing
2 rules 2 TTPs 1 IOCThe Lazarus group's macloader malware (OSX.AppleJeus.C) uses a launch daemon for persistence and executes downloaded payloads directly from memory, communicating with a C2 server to retrieve second-stage payloads, posing a significant threat due to its fileless execution and potential for repurposing.