confidencemediumthreat-actorattributionmalware-familyloaderratc2impact

Lazarus Group

Overview

Lazarus Group is an advanced persistent threat (APT) cluster widely associated with North Korean state-sponsored cyber operations. In this corpus, the label lazarus is applied by MalwareBazaar/OpenCTI to a subset of samples including the remotepe backdoor family and related tooling. Attribution confidence is medium — the label is vendor-collected and not independently verified by the corpus maintainer.

Observed Tooling in Corpus

Family	Platform	Role	Confidence
remotepe	Windows x64 DLL	Plugin-based RAT / backdoor	Medium

Capabilities (Observed in Corpus)

http-c2-telemetry-masquerade
plugin-modular-rat
token-duplication-lateral-movement
bcrypt-encrypted-communications
native-api-process-creation
zip-cabinet-archive-staging

References

OpenCTI connector label: lazarus / remotepe via MalwareBazaar integration

> Family · Lazarus Group_

Lazarus Group

Overview

Observed Tooling in Corpus

Capabilities (Observed in Corpus)

References