Lazarus Group Uses the DLL Side-Loading Technique (mi.dll) - ASEC BLOG
Common Information
| Type | Value |
|---|---|
| UUID | 84027d4c-5185-4177-9c25-2a858d103a30 |
| Fingerprint | 95010909adea0eaa |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 12, 2022, 1:48 p.m. |
| Added to db | Oct. 13, 2022, 7:41 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | Lazarus Group Uses the DLL Side-Loading Technique (mi.dll) |
| Title | Lazarus Group Uses the DLL Side-Loading Technique (mi.dll) - ASEC BLOG |
| Detected Hints/Tags/Attributes | 29/1/20 |
Source URLs
Attributes
| Type | #Events | CTI Value | Value |
|---|---|---|---|
| Domain | 360 | | attack.mitre.org |
| File | 6 | | mi.dll |
| File | 25 | | wsmprovhost.exe |
| File | 5 | | dfrgui.exe |
| File | 11 | | inisafecrosswebexsvc.exe |
| File | 20 | | scskapplink.dll |
| File | 2 | | c:\programdata\microsoft\identitycrl\mi.dll |
| File | 2 | | c:\programdata\microsoft\identitycrl\wsmprovhost.exe |
| File | 2 | | c:\programdata\usoshared\mi.dll |
| File | 2 | | c:\programdata\usoshared\wsmprovhost.exe |
| File | 2 | | c:\programdata\midassoft\mi.dll |
| File | 2 | | c:\programdata\midassoft\wsmprovhost.exe |
| File | 2 | | dfgui.exe |
| md5 | 2 | | 0cc73994988e8dce2a2eeab7bd410fad |
| md5 | 2 | | 54b0454163b25a38368e518e1687de5b |
| md5 | 2 | | 9caebeda61018e86a29c291225f0319f |
| md5 | 2 | | ff46decb93c6d676a37e87de57bae196 |
| MITRE ATT&CK Techniques | 227 | | T1574.002 |
| MITRE ATT&CK Techniques | 164 | | T1574 |
| Url | 13 | | https://attack.mitre.org/techniques/t1574/002 |