Emerging Threats
Actor | 2023, 2020, 2017
Lazarus
3 Rules
5 References
3 Folders
2023-10-18 Latest
Summary
Lazarus is tracked here as a threat actor, intrusion set, or campaign with 3 Sigma detections spanning 2023, 2020, and 2017. Coverage centers on windows / process_creation and windows / image_load.
Related Detections
Emerging Threat | high | test
Lazarus APT DLL Sideloading Activity
Detects sideloading of trojanized DLLs used in a Lazarus APT campaign, in the case of a Spanish aerospace company
Windows | Image Load (DLL)
TA0005 · Stealth | TA0004 · Privilege Escalation | TA0003 · Persistence | T1574.001 · DLL | +2
Thurein Oo +1 | Wed Oct 18 2023
Emerging Threat | critical | test
Lazarus Group Activity
Detects different process execution behaviors as described in various threat reports on Lazarus group activity
Windows | Process Creation
G0032 · Lazarus Group | TA0002 · Execution | T1059 · Command and Scripting Interpreter | detection.emerging-threats
Florian Roth (Nextron Systems) +1 | Wed Dec 23 2020
Emerging Threat | high | test
Lazarus System Binary Masquerading
Detects binaries used by the Lazarus group which use system names but are executed and launched from a non-default location
Windows | Process Creation
TA0005 · Stealth | T1036.005 · Match Legitimate Resource Name or Location | detection.emerging-threats
Trent Liffick +1 | Wed Jun 03 2017
References