ioc[.]one - OSINT Cyber Threat Intelligence Database

Lazarus APT steals cryptocurrency and user data via a decoy MOBA game

Tags

attack-pattern:

Data Model Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Firmware - T1592.003 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Vulnerabilities - T1588.006

Show in Graph

Common Information

Type	Value
UUID	1f480151-5e10-4ac7-bc5d-3c6bac02ddc6
Fingerprint	aaa11a114837d280
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 23, 2024, 11 a.m.
Added to db	Oct. 23, 2024, 1:25 p.m.
Last updated	Nov. 11, 2024, 7:26 a.m.
Headline	The Crypto Game of Lazarus APT: Investors vs. Zero-days
Title	Lazarus APT steals cryptocurrency and user data via a decoy MOBA game
Detected Hints/Tags/Attributes	84/1/14

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	223	✔	Securelist	https://securelist.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	29		cve-2024-4947
Details	Domain	15		detankzone.com
Details	Domain	4		detankzone.zip
Details	Domain	3		api.detankzone.com
Details	Domain	52		socket.io
Details	Domain	5		ccwaterfall.com
Details	File	3		registers_.dat
Details	File	5		detankzone.zip
Details	md5	5		B2DC7AEC2C6D2FFA28219AC288E4750C
Details	md5	5		8312E556C4EEC999204368D69BA91BF4
Details	sha1	6		e5da4ab6366c5690dfd1bb386c7fe0c78f6ed54f
Details	sha1	6		7f28ad5ee9966410b15ca85b7facb70088a17c5f
Details	sha256	6		7353ab9670133468081305bd442f7691cf2f2c1136f09d9508400546c417833a
Details	sha256	6		59a37d7d2bf4cffe31407edd286a811d9600b68fe757829e30da4394ab65a4cc