Lazarus Strikes with WinorDLL64 Backdoor Discovered in Wslink Malware Loader

Threat Level
Attack Report

Summary

A newly discovered backdoor named WinorDLL64 seems to be associated with the malware downloader Wslink. This association suggests that Lazarus, the notorious North Korea-aligned group, may have employed this tool. WinorDLL64 can manipulate files, including exfiltrating and deleting them, and can execute further commands.