so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer


Malwarebytes Labs mis-attribution to Lazarus Group

Nice Malwarebytes Labs analysis of malware, but the attribution to Lazarus Group is wrong:

  • In this campaign the actor has targeted people that are looking for job opportunities at Lockheed Martin. Targeting the defense industry and specifically Lockheed Martin is a known target for this actor.
  • Using job opportunities as template is the known method used by Lazarus to target its victims.
  • Using Frame1_Layout for macro execution and using lesser known API calls for shellcode execution is known to be used by Lazarus.

You can do better than this, Malwarebytes, or should I say Ankur Saini and Hossein Jazi?