Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus
Common Information
| Type | Value |
|---|---|
| UUID | 78e3f4b7-b1fc-40d0-af4c-3da70fae2ff3 |
| Fingerprint | 216f30f876331f0112a439cf5eb07b75b350f41fcbf7a98e012084417281c192 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 5, 2019, 3:32 p.m. |
| Added to db | March 9, 2024, 11:18 p.m. |
| Last updated | Aug. 31, 2024, 3:24 a.m. |
| Headline | Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus |
| Title | Targeted attacks by Andariel Threat Group, a subgroup of the Lazarus |
| Detected Hints/Tags/Attributes | 117/3/34 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 54 | www.ahnlab.com |
|
| Details | Domain | 5 | secunewsview.do |
|
| Details | Domain | 9 | www.fsec.or.kr |
|
| Details | Domain | 4 | 910.do |
|
| Details | Domain | 7 | image.ahnlab.com |
|
| Details | Domain | 3 | blog.skinfosec.com |
|
| Details | Domain | 6 | blog.naver.com |
|
| Details | File | 4 | v3pscan.exe |
|
| Details | File | 33 | nc.exe |
|
| Details | File | 7 | nt.exe |
|
| Details | File | 2 | n5lic.exe |
|
| Details | File | 2 | nc5rt2.exe |
|
| Details | File | 16 | bin.exe |
|
| Details | File | 2 | vs1.vbs |
|
| Details | File | 10 | winrm.vbs |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 2 | nehomegpa.dll |
|
| Details | File | 3 | pcon.exe |
|
| Details | File | 3 | portc.exe |
|
| Details | File | 3 | zcon.exe |
|
| Details | File | 2 | crash.exe |
|
| Details | File | 58 | test.exe |
|
| Details | File | 3 | 89.pdf |
|
| Details | Pdb | 1 | rifle.pdb |
|
| Details | Pdb | 2 | c:\users\c8\desktop\rifle\release\rifle.pdb |
|
| Details | Pdb | 2 | e:\data\my projects\troy source code\tcp1st\rifle\release\rifle.pdb |
|
| Details | Pdb | 1 | server.pdb |
|
| Details | Url | 2 | http://www.ahnlab.com/kr/site/securityinfo/secunews/secunewsview.do?curpage=&menu_dist=1&seq=24229 |
|
| Details | Url | 2 | http://www.ahnlab.com/kr/site/securityinfo/secunews/secunewsview.do?menu_dist=2&seq=26565 |
|
| Details | Url | 3 | http://www.fsec.or.kr/user/bbs/fsec/21/13/bbsdataview/910.do |
|
| Details | Url | 3 | http://image.ahnlab.com/file_upload/asecissue_files/asec_report_vol.89.pdf |
|
| Details | Url | 3 | http://blog.skinfosec.com/221234553836 |
|
| Details | Url | 3 | http://blog.skinfosec.com/221234742268 |
|
| Details | Url | 3 | https://blog.naver.com/secustory/221213258234 |