Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 2e48b43f-eb10-4aa8-9573-b469e3265c82 |
| Fingerprint | f6939317bca29907 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Feb. 28, 2024, 1:14 p.m. |
| Added to db | Aug. 31, 2024, 12:34 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day |
| Title | Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs |
| Detected Hints/Tags/Attributes | 114/2/58 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 100 | ✔ | Avast Threat Labs | https://decoded.avast.io/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 23 | cve-2024-21338 |
|
| Details | Domain | 4128 | github.com |
|
| Details | File | 8 | appid.sys |
|
| Details | File | 16 | dbutil_2_3.sys |
|
| Details | File | 8 | ene.sys |
|
| Details | File | 3 | hw.sys |
|
| Details | File | 1 | applockerfltr.sys |
|
| Details | File | 5 | fudmodule.dll |
|
| Details | File | 1 | tem1245.tmp |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 2 | vaccine.txt |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 1 | bfs.sys |
|
| Details | File | 7 | ahcache.sys |
|
| Details | File | 4 | mmcss.sys |
|
| Details | File | 9 | cng.sys |
|
| Details | File | 6 | ksecdd.sys |
|
| Details | File | 30 | tcpip.sys |
|
| Details | File | 5 | iorate.sys |
|
| Details | File | 30 | ci.dll |
|
| Details | File | 11 | dxgkrnl.sys |
|
| Details | File | 5 | peauth.sys |
|
| Details | File | 1 | wtd.sys |
|
| Details | File | 4 | hmpalert.sys |
|
| Details | File | 3 | bindflt.sys |
|
| Details | File | 3 | storqosflt.sys |
|
| Details | File | 4 | wcifs.sys |
|
| Details | File | 2 | cldflt.sys |
|
| Details | File | 3 | filecrypt.sys |
|
| Details | File | 3 | luafv.sys |
|
| Details | File | 2 | npsvctrig.sys |
|
| Details | File | 1 | wof.sys |
|
| Details | File | 4 | fileinfo.sys |
|
| Details | File | 1 | klam.sys |
|
| Details | File | 14 | klif.sys |
|
| Details | File | 1 | klwfp.sys |
|
| Details | File | 1 | klwtp.sys |
|
| Details | File | 1 | klboot.sys |
|
| Details | File | 6 | symevnt.sys |
|
| Details | File | 6 | bhdrvx64.sys |
|
| Details | File | 9 | srtsp64.sys |
|
| Details | File | 2 | ndu.sys |
|
| Details | File | 4 | mpsdrv.sys |
|
| Details | File | 1 | _etw_silodriverstate.sys |
|
| Details | File | 1 | _etw_guid_entry.reg |
|
| Details | File | 1 | _callback_object.reg |
|
| Details | File | 1 | _eprocess.obj |
|
| Details | File | 3 | asdsvc.exe |
|
| Details | File | 1 | ecttable.tab |
|
| Details | File | 1 | _handle_table_entry.obj |
|
| Details | File | 8 | mssense.exe |
|
| Details | File | 198 | msmpeng.exe |
|
| Details | File | 5 | csfalconservice.exe |
|
| Details | File | 3 | hmpalert.exe |
|
| Details | File | 1 | eprocess.obj |
|
| Details | File | 1 | system_handle_table_entry_info_ex.obj |
|
| Details | Github username | 12 | avast |
|
| Details | Url | 1 | https://github.com/avast/ioc/tree/master/fudmodule#yara |