Actor(s): Lazarus Group
The HTTP(S) uploader is a Lazarus tool responsible for data exfiltration over the HTTP or HTTPS protocol.
It accepts up to 10 command-line parameters: a 29-byte decryption key, a C&C server for data exfiltration, the name of a local RAR split volume, the name of the multivolume archive on the server side, the size of a RAR split (max 200,000 kB), the starting index of a split, the ending index of a split, and the switch -p followed by a proxy IP address and port.
2022-09-30 ⋅ ESET Research ⋅ Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
  Families: BLINDINGCAN, FudModule, HTTP(S) uploader, LambLoad, TOUCHMOVE
2021-02-25 ⋅ Kaspersky Labs ⋅ Lazarus targets defense industry with ThreatNeedle
  Families: HTTP(S) uploader, LPEClient, Volgmer
2020-12-15 ⋅ HvS-Consulting AG ⋅ Greetings from Lazarus: Anatomy of a cyber espionage campaign
  Families: BLINDINGCAN, HTTP(S) uploader, MimiKatz
There is no YARA signature yet.