Lazarus & BYOVD: evil to the Windows core
Common Information
Type                 Value
UUID                 7e5eceb6-229a-48ef-aea6-ec75d4d53453
Fingerprint          077c832393ae645659f1dfd820b490ffc8d8db61565c3c1c7ab1858013c8ae16
Analysis status      DONE
Considered CTI value 2
Text language        
Published            Sept. 19, 2022, 7:01 p.m.
Added to db          April 16, 2024, 6:51 p.m.
Last updated         Aug. 31, 2024, midnight
Headline Lazarus & BYOVD: evil to the Windows core
Title Lazarus & BYOVD: evil to the Windows core
Detected Hints/Tags/Attributes 98/2/100
Attributes
Type             #Events  Value
CVE              24       cve-2021-21551
Domain           114      eset.com
Domain           247      www.virusbulletin.com
Domain           1        triplefault.io
Domain           262      www.welivesecurity.com
Domain           17       vblocalhost.com
Domain           124      www.sentinelone.com
Domain           281      docs.microsoft.com
Domain           622      en.wikipedia.org
Domain           4128     github.com
Domain           1        dk.upce.cz
Domain           29       www.nirsoft.net
Domain           1        douggemhax.wordpress.com
Domain           10       blog.xpnsec.com
Domain           1        www.triplefault.io
Domain           768      www.youtube.com
Domain           1        br-sn.github.io
Domain           1        aviadshamriz.medium.com
Domain           1        publications.drdo.gov.in
Domain           1        public.cnotools.studio
Domain           31       dl.acm.org
Domain           1        www.ijiss.org
Domain           7        leanpub.com
Email            2        peter.kalnai@eset.com
Email            1        matej.havranek@eset.com
File             269      msiexec.exe
File             2        c:\windows\windows.ini
File             1        windows.ini
File             16       dbutil_2_3.sys
File             2        circlassmgr.sys
File             2        dmvscmgr.sys
File             2        hidirmgr.sys
File             2        isapnpmgr.sys
File             2        mspqmmgr.sys
File             4        umpassmgr.sys
File             533      ntdll.dll
File             125      ntoskrnl.exe
File             1        netoi.sys
File             79       regedit.exe
File             6        wdfilter.sys
File             1        procmon24.sys
File             1        obcallbacktest.sys
File             1        obcallbacktestctrl.exe
File             380      notepad.exe
File             7        ahcache.sys
File             4        mmcss.sys
File             9        cng.sys
File             6        ksecdd.sys
File             30       tcpip.sys
File             5        iorate.sys
File             30       ci.dll
File             11       dxgkrnl.sys
File             1        scanuser.exe
File             1        scanner.sys
File             2        malware.txt
File             4        fltlib.dll
File             8        netio.sys
File             5        fudmodule.dll
File             1        vb2021-park.pdf
File             3        win_prefetch_view.html
File             1        enumerating-process-thread-and-image.html
File             1206     index.php
Github username  48       microsoft
Github username  1        axtmueller
Github username  1        br-sn
Github username  2        zodiacon
sha256           1        97c78020eedfcd5611872ad7c57f812b069529e96107b9a33b4da7bc967bf38f
sha256           3        0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5
Url              1        https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium.
Url              1        https://vblocalhost.com/uploads/vb2021-park.pdf
Url              1        https://www.sentinelone.com/labs/cve-2021-
Url              1        https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel
Url              1        https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/-peb.
Url              1        https://en.wikipedia.org/wiki/list_of_microsoft_windows_versions.
Url              1        https://github.com/microsoft/windows-driver-samples.
Url              3        https://docs.microsoft.com/en-us/windows-hardware/drivers
Url              1        https://github.com/microsoft/windows-driver-samples/tree/main
Url              1        https://en.wikipedia.org/wiki/eicar_test_file.
Url              3        https://docs.microsoft.com/en-us/windows-hardware
Url              1        https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/fltuserstructures/ns-fltuserstructures-_filter_
Url              1        https://docs.microsoft.com/en-us/windows-hardware/drivers/network/introduction-to-windows-filtering-platform-
Url              1        https://dk.upce.cz/handle/10195/58000.
Url              2        https://docs.microsoft.com/en-us/windows-
Url              3        https://www.nirsoft.net/utils/win_prefetch_view.html
Url              1        https://douggemhax.wordpress.com/2015/05/27/obregistercallbacks-and-countermeasures/.
Url              1        https://blog.xpnsec.com
Url              1        https://www.triplefault.io/2017/09/enumerating-process-thread-and-image.html
Url              1        https://www.youtube.com/watch?v=85h4rvpgix4
Url              1        https://en.wikipedia.org/wiki/endpoint_detection_and_response.
Url              1        https://br-sn.github.io
Url              1        https://aviadshamriz.medium.com/part-1-fs-minifilter-
Url              1        https://publications.drdo.gov.in/ojs/index.php/dsj/article/view/1425.
Url              1        https://public.cnotools.studio
Url              2        https://dl.acm.org/doi
Url              1        https://www.ijiss.org/ijiss/index.php/ijiss/article/download/118/pdf_25.
Url              1        https://github.com/axtmueller/windows-kernel-explorer.
Url              1        https://github.com/br-sn/cheekyblinder.
Url              1        https://github.com/zodiacon/etwexplorer.
Url              1        https://leanpub.com/windowskernelprogramming.
Url              1        https://www.welivesecurity.com/2022/01/11/signed-kernel-drivers-unguarded-gateway-windows-core/.