MalwareLab.pl Research Notes

Tag: APT38

In depth analysis of Lazarus validator

Intro

A few days ago we found an interesting Word document impersonating Lockheed Martin. Some time later we realized that this sample was part of a larger and older campaign, probably conducted against various military contractors conducting business with South Korea, and that this campaign was already described. However, we couldn't find any in-depth analysis of a validator used by Lazarus, so here it is.

Infection vector

There is already a very good analysis done by StrangerealIntel, including an intelligence brief explaining the potential reason for this campaign, so we won't go into much detail here.