CYBER MONGOL
12/9/2021

Lazarus Group Covert Shellcode Execution Technique

Lazarus Group Covert Shellcode Execution Technique: ASATA has located and profiled a really interesting shellcode technique inspired by Lazarus Group. At its core, the technique stores the payload as a list of UUID string values, converts those strings back into binary shellcode, allocates memory and executes the result. The Windows APIs used to accomplish this are UuidFromStringA (for the decoding) and EnumSystemLocalesA (for the execution), which lets the loader avoid the usual suspects such as VirtualAlloc, WriteProcessMemory, CreateThread and standard shellcode generators.
 
Shellcode Loader: https://github.com/pwn1sher/uuid-loader
 
Blog: https://research.nccgroup.com/2021/01/23/rift-analysing-a-lazarus-shellcode-execution-method/
 
UuidFromStringA: https://docs.microsoft.com/en-us/windows/win32/api/rpcdce/nf-rpcdce-uuidfromstringa
 
EnumSystemLocalesA: https://docs.microsoft.com/en-us/windows/win32/api/winnls/nf-winnls-enumsystemlocalesa
 
#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam
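The analyst's side of this technique is recovering the payload from the UUID strings so it can be examined, and spotting UUID lists that are really encoded bytes. The script below is an added example written for this post; it is not code from the loader linked above, from the NCC Group write-up, or from ASATA. It relies on one fact about the Windows UUID struct that UuidFromStringA fills in: Data1, Data2 and Data3 are stored little-endian and Data4 as eight raw bytes, which is exactly the layout Python's uuid.UUID(...).bytes_le produces. The sample "source fragment" and the payload text it encodes are constructed for the example (plain ASCII, not shellcode); the DNS namespace UUID used for contrast is the well-known RFC 4122 value.

```python
"""Recover and triage UUID-encoded byte payloads the way an analyst would."""
import re
import uuid
from typing import Dict, List

# Textual form that UuidFromStringA accepts: 8-4-4-4-12 hex groups.
UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b"
)


def uuid_to_memory_bytes(text: str) -> bytes:
    """Return the 16 bytes UuidFromStringA would write for this string.

    The UUID struct holds Data1 (u32), Data2 (u16) and Data3 (u16) in native
    little-endian order, then Data4 as eight raw bytes. Python's bytes_le uses
    that same layout, so it reproduces the in-memory image byte for byte.
    """
    return uuid.UUID(text).bytes_le


def decode_uuid_list(uuids: List[str]) -> bytes:
    """Concatenate the memory images of a UUID list, in list order."""
    return b"".join(uuid_to_memory_bytes(u) for u in uuids)


def looks_like_rfc4122(text: str) -> bool:
    """Genuine GUIDs almost always carry a version nibble of 1-5 at the top
    of Data3 and the variant bits 10 at the top of Data4[0]; arbitrary bytes
    squeezed into UUID syntax rarely satisfy both."""
    u = uuid.UUID(text)
    version = (u.time_hi_version >> 12) & 0xF
    variant_ok = (u.clock_seq_hi_variant & 0xC0) == 0x80
    return 1 <= version <= 5 and variant_ok


def triage_uuid_strings(text: str, min_run: int = 2) -> Dict[str, object]:
    """Find UUID strings in a text blob, decode them, and flag a run whose
    members mostly fail the version/variant check. The flag is a triage hint
    for a human, not a verdict: some software does ship odd GUIDs."""
    found = UUID_RE.findall(text)
    bad = [u for u in found if not looks_like_rfc4122(u)]
    suspicious = len(found) >= min_run and len(bad) * 2 > len(found)
    return {
        "count": len(found),
        "non_rfc4122": len(bad),
        "decoded": decode_uuid_list(found),
        "suspicious": suspicious,
    }


# Constructed sample: a source fragment carrying two UUID strings that encode
# the ASCII text "constructed sample payload bytes" (not real shellcode).
SAMPLE_ENCODED = """
const char* uuids[] = {
    "736e6f63-7274-6375-7465-642073616d70",
    "7020656c-7961-6f6c-6164-206279746573",
};
"""

# Constructed contrast line containing a legitimate RFC 4122 UUID (DNS namespace).
SAMPLE_LEGIT = "// DNS namespace: 6ba7b810-9dad-11d1-80b4-00c04fd430c8"


if __name__ == "__main__":
    for name, sample in (("encoded", SAMPLE_ENCODED), ("legit", SAMPLE_LEGIT)):
        result = triage_uuid_strings(sample)
        print(name, result["count"], result["non_rfc4122"],
              result["suspicious"], result["decoded"][:32])
```

Run as a script it prints one triage line per sample; the decoded bytes for the encoded sample read back as the constructed sentence, and the single real GUID is left unflagged. The version/variant heuristic is deliberately cheap so it can run over strings output from a binary or over source in a repository; pair it with the decoded bytes (entropy, known prologues) before drawing conclusions.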
 
 

