WinorDLL64: A backdoor from the vast Lazarus arsenal? | WeLiveSecurity
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter; Develop Capabilities; System Network Connections Discovery
country: Belgium; North Korea; Netherlands; South Korea
maec-delivery-vectors: Watering Hole
attack-pattern: Data Account Access Removal - T1640; Account Access Removal - T1531; Archive Collected Data - T1560; Archive Collected Data - T1532; Archive Via Library - T1560.002; Command And Scripting Interpreter - T1623; Create Process With Token - T1134.002; Data From Local System - T1533; Develop Capabilities - T1587; Domain Account - T1087.002; Domain Account - T1136.002; File And Directory Discovery - T1420; File Deletion - T1070.004; File Deletion - T1630.002; Local Account - T1087.001; Local Account - T1136.001; System Network Configuration Discovery - T1422; System Network Connections Discovery - T1421; Malware - T1587.001; Malware - T1588.001; Process Discovery - T1424; System Information Discovery - T1426; Native Api - T1575; Powershell - T1059.001; Server - T1583.004; Server - T1584.004; System Language Discovery - T1614.001; System Location Discovery - T1614; Tool - T1588.002; Access Token Manipulation - T1134; Account Discovery - T1087; Command-Line Interface - T1059; Data From Local System - T1005; Execution Through Api - T1106; File And Directory Discovery - T1083; File Deletion - T1107; Indicator Removal On Host - T1070; Network Share Discovery - T1135; Powershell - T1086; Process Discovery - T1057; Query Registry - T1012; System Information Discovery - T1082; System Network Configuration Discovery - T1016; System Network Connections Discovery - T1049; System Owner/User Discovery - T1033
Common Information
Type Value
UUID f58739fd-22da-47cc-98ba-236aaa970fc0
Fingerprint a6944951e5f5ed81
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 23, 2023, 11:30 a.m.
Added to db Feb. 23, 2023, 8:51 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline WinorDLL64: A backdoor from the vast Lazarus arsenal?
Title WinorDLL64: A backdoor from the vast Lazarus arsenal? | WeLiveSecurity
Detected Hints/Tags/Attributes 122/4/27
RSS Feed
Id  Enabled  Feed title      Url                         Added to db
33           WeLiveSecurity  https://blog.eset.com/feed  2024-08-30 22:08
Attributes
Type                     #Events  CTI Value
CVE                           24  cve-2021-21551
File                           3  winordll64.dll
File                           2  winorloaderdll64.dll
sha1                           2  fe887fcab66d7d7f79f05e0266c0649f0114ba7c
sha1                           1  1ba443fde984cee85ebd4d4fa7eb1263a6f1257f
sha1                           1  70de783e5d48c6fbb576bc494baf0634bc304fd6
sha1                           1  8ec9219303953396e1cb7105cdb18ed6c568e962
MITRE ATT&CK Techniques       96  T1587.001
MITRE ATT&CK Techniques      460  T1059.001
MITRE ATT&CK Techniques      239  T1106
MITRE ATT&CK Techniques       24  T1134.002
MITRE ATT&CK Techniques      297  T1070.004
MITRE ATT&CK Techniques       72  T1087.001
MITRE ATT&CK Techniques       99  T1087.002
MITRE ATT&CK Techniques      585  T1083
MITRE ATT&CK Techniques      176  T1135
MITRE ATT&CK Techniques      433  T1057
MITRE ATT&CK Techniques      501  T1012
MITRE ATT&CK Techniques     1006  T1082
MITRE ATT&CK Techniques       50  T1614
MITRE ATT&CK Techniques       33  T1614.001
MITRE ATT&CK Techniques      245  T1016
MITRE ATT&CK Techniques      119  T1049
MITRE ATT&CK Techniques      230  T1033
MITRE ATT&CK Techniques       29  T1560.002
MITRE ATT&CK Techniques      534  T1005
MITRE ATT&CK Techniques       26  T1531