Lazarus武器库更新:Andariel近期攻击样本分析
Tags
| attack-pattern: | Data |
Common Information
| Type | Value |
|---|---|
| UUID | 228d6002-7c7a-41d5-a2fb-e1efd77f9c1d |
| Fingerprint | edd6d7023c18d0f5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 8, 2022, midnight |
| Added to db | Jan. 30, 2023, 4:32 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Lazarus武器库更新:Andariel近期攻击样本分析 |
| Title | Lazarus武器库更新:Andariel近期攻击样本分析 |
| Detected Hints/Tags/Attributes | 14/1/42 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/QfbzuIKUPTXE4GdpBMsGbQ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | mail.usengineergroup.com |
|
| Details | Domain | 403 | securelist.com |
|
| Details | Domain | 189 | asec.ahnlab.com |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 1 | scsetup_original.exe |
|
| Details | File | 1 | onenoteauth.exe |
|
| Details | File | 207 | login.php |
|
| Details | File | 1 | thumbcache_2022.db |
|
| Details | File | 1 | 如果thumbcache_2022.db |
|
| Details | File | 1 | 写入thumbcache_2022.db |
|
| Details | File | 1 | detectav1.ps1 |
|
| Details | File | 1 | nahimicinterface.exe |
|
| Details | File | 1206 | index.php |
|
| Details | File | 13 | member.php |
|
| Details | File | 73 | view.php |
|
| Details | File | 1 | lazarus-그룹의-nukesped-악성코드-분석-보고서.pdf |
|
| Details | md5 | 2 | 079b4588eaa99a1e802adf5e0b26d8aa |
|
| Details | md5 | 4 | 47791bf9e017e3001ddc68a7351ca2d6 |
|
| Details | md5 | 4 | 1875f6a68f70bee316c8a6eda9ebf8de |
|
| Details | md5 | 2 | 5be1e382cd9730fbe386b69bd8045ee7 |
|
| Details | md5 | 2 | 2e18350194e59bc6a2a3f6d59da11bd8 |
|
| Details | md5 | 2 | 3bd22e0ac965ebb6a18bb71ba39e96dc |
|
| Details | md5 | 2 | 17c46ed7b80c2e4dbea6d0e88ea0827c |
|
| Details | md5 | 2 | 85f6e3e3f0bdd0c1b3084fc86ee59d19 |
|
| Details | md5 | 2 | bdece9758bf34fcad9cba1394519019b |
|
| Details | md5 | 2 | d0e203e8845bf282475a8f816340f2e8 |
|
| Details | md5 | 2 | 5130888a0ad3d64ad33c65de696d3fa2 |
|
| Details | md5 | 2 | b1c1d28dc7da1d58abab73fa98f60a83 |
|
| Details | md5 | 2 | 5c6f9c83426c6d33ff2d4e72c039b747 |
|
| Details | IPv4 | 1 | 109.248.144.155 |
|
| Details | IPv4 | 1 | 109.248.144.136 |
|
| Details | IPv4 | 1 | 155.94.210.11 |
|
| Details | IPv4 | 1 | 45.57.245.17 |
|
| Details | IPv4 | 1 | 193.56.28.32 |
|
| Details | Url | 1 | http://109.248.144.155/login.php |
|
| Details | Url | 1 | http://109.248.144.155/login.php发送post请求回传主机信息 |
|
| Details | Url | 44 | https://sandbox.ti.qianxin.com/sandbox/page |
|
| Details | Url | 1 | http://155.94.210.11/covid/login.php |
|
| Details | Url | 1 | http://45.57.245.17/member/login.php |
|
| Details | Url | 1 | http://193.56.28.32/voris/view.php |
|
| Details | Url | 2 | https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811 |
|
| Details | Url | 1 | https://asec.ahnlab.com/wp-content/uploads/2021/11/lazarus-그룹의-nukesped-악성코드-분석-보고서.pdf |