Rule Library
Sigma Rules
3 rules found for "Lazarus"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | high | test
Lazarus System Binary Masquerading
Detects binaries used by the Lazarus group which use system names but are executed and launched from a non-default location
Windows | Process Creation
Trent Liffick +1 | Wed Jun 03 | 2017
Emerging Threat | critical | test
Lazarus Group Activity
Detects different process execution behaviors as described in various threat reports on Lazarus group activity
Windows | Process Creation
Florian Roth (Nextron Systems) +1 | Wed Dec 23 | 2020
Emerging Threat | high | test
Lazarus APT DLL Sideloading Activity
Detects sideloading of trojanized DLLs used in the Lazarus APT campaign in the case of a Spanish aerospace company
Windows | Image Load (DLL)
Thurein Oo +1 | Wed Oct 18 | 2023