![]() ![]() The TSA Score is determined by analyzing the latest review data from multiple independent testing laboratories, other reputable third party review sites and our many years of experience in the security software industry. Reality is, if you obtain a nasty Ransomware virus as an example, does having a product that uses limited computer resources matter if you can no longer access your computer? With increasing computer processor speeds being able to handle heavy workloads and improving performance significantly, TSA Scores are focused more on how well a security product protects your system from malware, viruses, and threats as opposed to how much system impact does this security product have. The Software Authority strives to be different! Our results are based on factual data and you will never see a non-certified product that you never heard of being rated highly for the sole purpose of pushing sales like we often see on other review sites. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.Score 91.30% MSRP $59.99 From $44.99 Buy Now US-CERT and the FBI call this group HIDDEN COBRA.įor more technical information about WinorDLL64, check out the blog post “ WinorDLL64: A backdoor from the vast Lazarus arsenal?” on WeLiveSecurity. Researchers from AhnLab confirmed South Korean victims of Wslink in their telemetry, which is a relevant indicator, considering the traditional Lazarus targets and that ESET Research observed only a few detections.Īctive since at least 2009, this infamous North Korea-aligned group is responsible for high-profile incidents such as the Sony Pictures Entertainment hack, the tens-of-millions-of-dollars cyberheists in 2016, the WannaCryptor (aka WannaCry) outbreak in 2017, and a long history of disruptive attacks against South Korean public and critical infrastructure since at least 2011. ESET telemetry has seen only a few detections of the Wslink loader in Central Europe, North America, and the Middle East. ![]() The initially unknown Wslink payload was uploaded to VirusTotal from South Korea shortly after the publication of an ESET Research blog post on the Wslink loader. WinorDLL64 contains overlaps in both behavior and code with several Lazarus samples, which indicates that it might be a tool from the vast arsenal of this North Korea-aligned APT group. The Wslink loader listens on a port specified in the configuration and can serve additional connecting clients, and even load various payloads,” he adds. “The Wslink payload can be leveraged later for lateral movement, due to its specific interest in network sessions. As the wording suggests, a loader serves as a tool to load a payload, or the actual malware, onto the already compromised system,” explains Vladislav Hrčka, the ESET researcher who made the discovery. “Wslink, which has the filename WinorLoaderDLL64.dll, is a loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. Wslink’s payload can exfiltrate, overwrite, and remove files, execute commands, and obtain extensive information about the underlying system. ![]() The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group Lazarus. BRATISLAVA, MONTREAL - FebruESET researchers have discovered the WinorDLL64 backdoor, one of the payloads of the Wslink downloader. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |