
ZetaNile: Open source software trojans from North Korea
ReversingLabs Malware Researcher Joseph Edwards takes a deep dive into ZetaNile, a set of open-source software trojans being used by Lazarus/ZINC.

Former Senior Malware Researcher at ReversingLabs. Joseph specializes in Reverse Engineering and Digital Forensics, and has worked in incident response for large corporations, as well as in consulting. At ReversingLabs he hunts across the TiCloud file corpus for new and emerging threats. His research interests include rootkits, bootkits, viruses, file format exploitation, and mobile malware.

...

An analysis of three in-the-wild payloads delivered using the recently discovered Follina exploit shows how attackers can use it to achieve persistent access in victim environments and turbo-charge efforts to ‘live off the land’ and avoid detection by security monitoring tools.

ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.