"techniques. toolset reports from google ’ s mandiant in september 2024 and from kaspersky in december 2024 describe tools used by lazarus in its operation dreamjob in 2024. in this section, we mention the tools to which the group shifted in operation dreamjob in 2025. based on th…"
T1036.005 Match Legitimate Resource Name or Location
77%
"the two trojanized plugins binmergeloader. - trojanized open-source plugins for notepad++, specifically a downloader very similar to binmergeloader (npphexeditor v10.0.0 by mackenzie cumings) and a dropper of an unknown payload (compareplus v1.1.0 by pavel nedev). the…"
T1055.001 Dynamic-link Library Injection
71%
"…8da4) has the internal dll name droneexehijackingloader.dll and is disguised as a windows web services runtime library in order to be successfully side-loaded; see figure 2. we believe that the substring drone is there to designate both a uav device and the attacker’s in…"
T1204.002 Malicious File
67%
"…ers, and downloaders generally, lazarus attackers are highly active and deploy their backdoors against multiple targets. this frequent use exposes these tools and allows them to become detected. as a countermeasure, the group’s tools are preceded in the execution chain by a s…"
T1588.002 Tool
57%
"containing design templates or plugins. in summary, we attribute this activity with a high level of confidence to lazarus, particularly to its campaigns related to operation dreamjob, based on the following: - initial access was obtained by social engineering, convincing the tar…"
T1574.001 DLL
51%
"…8da4) has the internal dll name droneexehijackingloader.dll and is disguised as a windows web services runtime library in order to be successfully side-loaded; see figure 2. we believe that the substring drone is there to designate both a uav device and the attacker’s in…"
T1588.002 Tool
49%
"is likely that operation dreamjob was – at least partially – aimed at stealing proprietary information, and manufacturing know-how, regarding uavs. the drone mention observed in one of the droppers significantly reinforces this hypothesis. to be clear, we can only hypothesize a…"
T1588.002 Tool
42%
"gotta fly: lazarus targets the uav sector eset researchers have recently observed a new instance of operation dreamjob – a campaign that we track under the umbrella of north korea-aligned lazarus – in which several european companies active in the defense industry were targete…"
T1588.002 Tool
34%
"’s most significant evolution is the introduction of new libraries designed for dll proxying and the selection of new open-source projects to trojanize for improved evasion. profile of lazarus and its operation dreamjob the lazarus group (also known as hidden cobra) is an ap…"
Summary
ESET research analyzes a recent instance of the Operation DreamJob cyberespionage campaign conducted by Lazarus, a North Korea-aligned APT group