win.blindtoad

BLINDTOAD

Actor(s): Lazarus Group


BLINDTOAD is a 64-bit service DLL that loads an encrypted file from disk, decrypts it, and executes the result in memory.

References
2020-05-04, ADEO DFIR (ADEO DFIR): "APT38 Lazarus Threat Analysis Report". https://adeo.com.tr/wp-content/uploads/2020/05/ADEO-Lazarus-APT38.pdf (English; retrieved 2023-02-21)
Covers: BLINDTOAD, ELECTRICFISH

2018-11-20, Trend Micro (Lenart Bermejo, Joelson Soares): "Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America". https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-continues-heists-mounts-attacks-on-financial-organizations-in-latin-america/ (English; retrieved 2020-01-06)
Covers: BLINDTOAD

2018, FireEye (FireEye): "APT38". https://content.fireeye.com/apt/rpt-apt38 (English; retrieved 2020-01-13)
Covers: Bitsran, BLINDTOAD, BOOTWRECK, Contopee, DarkComet, DYEPACK, HOTWAX, NESTEGG, PowerRatankba, REDSHAWL, WORMHOLE, Lazarus Group

2017-10-16, BAE Systems (Sergei Shevchenko, Hirman Muhammad bin Abu Bakar, James Wong): "Taiwan Heist: Lazarus Tools and Ransomware". https://baesystemsai.blogspot.com/2017/10/taiwan-heist-lazarus-tools.html (English; retrieved 2020-01-06)
Covers: BLINDTOAD, Lazarus Group

There is no YARA signature for this family yet.