APT group Lazarus continues to target the financial world with their enhanced techniques and tools and are currently active supplying malware. The group uses customized PowerShell scripts on Windows systems. These scripts connect to the command and control infrastructure and await commands. The scripts disguise themselves with names that appear to be WordPress files or other open-source-based file names.
Indicators of Compromise
Malware Hash (MD5/SHA1/SH256)