From Dream Job to Malware: DreamLoaders in Lazarus’ Recent Campaign
ID: 4af031ce-c36f-5af3-87da-d07306301648
STIX ID: report--4af031ce-c36f-5af3-87da-d07306301648
Feed Name: Lab52 Blog
This report describes Lazarus Group's DreamJob campaign, which uses modular 'DreamLoaders' (a trojanized TightVNC and multiple DLL loaders, loaded via DLL sideloading and a malicious service) to deploy encrypted payloads, harvest credentials and access Microsoft/SharePoint resources. The analysis covers artifact behavior, chaining across .mui files, and IOCs (file hashes and domains).
