Lazarus Strikes with WinorDLL64 Backdoor Discovered in Wslink Malware loader
Attack Report
Summary
A newly discovered backdoor named WinorDLL64 appears to be associated with the malware downloader Wslink. This finding suggests that Lazarus, the notorious North Korea-aligned group, may have employed this tool. WinorDLL64 enables file manipulation, such as exfiltration and deletion, as well as the execution of further commands.