win.comebacker

ComeBacker

Actor(s): Lazarus Group


This malware was found in a backdoored Visual Studio project that was used to target security researchers.

References
2021-02-01, One Night in Norfolk, Kevin Perlow: DPRK Targeting Researchers II: .Sys Payload and Registry Hunting. https://norfolkinfosec.com/dprk-targeting-researchers-ii-sys-payload-and-registry-hunting/ (English, accessed 2021-02-02)
ComeBacker
2021-01-30, Microstep Intelligence Bureau, Microstep online research response team: Analysis of Lazarus attacks against security researchers. https://www.anquanke.com/post/id/230161 (Chinese, accessed 2021-02-02)
ComeBacker
2021-01-28, Microsoft, Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team: ZINC attacks against security researchers. https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/ (English, accessed 2021-01-29)
ComeBacker Klackring
2021-01-26, Comae, Matt Suiche: PANDORABOX - North Koreans target security researchers. https://www.comae.com/posts/pandorabox-north-koreans-target-security-researchers/ (English, accessed 2021-01-27)
ComeBacker
2021-01-26, One Night in Norfolk, Kevin Perlow: DPRK Malware Targeting Security Researchers. https://norfolkinfosec.com/dprk-malware-targeting-security-researchers/ (English, accessed 2021-01-27)
ComeBacker

There is no Yara-Signature yet.