라자루스(Lazarus) 그룹, 이스라엘 군수업체 대상 APT 역습
Tags
| country: | Israel |
| attack-pattern: | Data Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 3a8ffe4a-e6cd-46f1-8082-347fa17c53ba |
| Fingerprint | 4a8d98c65366178 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 27, 2019, 10:13 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 16, 2024, 12:27 a.m. |
| Headline | |
| Title | 라자루스(Lazarus) 그룹, 이스라엘 군수업체 대상 APT 역습 |
| Detected Hints/Tags/Attributes | 31/2/60 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.alyac.co.kr/2219 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 31 | cve-2018-20250 |
|
| Details | Domain | 2 | www.alahbabgroup.com |
|
| Details | Domain | 2 | www.khuyay.org |
|
| Details | Domain | 268 | www.virustotal.com |
|
| Details | Domain | 20 | ti.360.net |
|
| Details | Domain | 69 | trojan.android |
|
| Details | Domain | 1 | alahbabgroup.com |
|
| Details | Domain | 1 | khuyay.org |
|
| Details | File | 2 | sysaid-documentation.rar |
|
| Details | File | 1 | 'sysaid-documentation.rar |
|
| Details | File | 1 | 'ekrnview.exe |
|
| Details | File | 2 | ekrnview.exe |
|
| Details | File | 1 | commitment.pdf |
|
| Details | File | 1 | cloud.pdf |
|
| Details | File | 1 | sysaid.pdf |
|
| Details | File | 1 | us.png |
|
| Details | File | 4 | us.txt |
|
| Details | File | 2 | windows.txt |
|
| Details | File | 1 | instanddemo-preview.png |
|
| Details | File | 143 | thumbs.db |
|
| Details | File | 1 | vendor-landscape_mid-market-service-desk-software.pdf |
|
| Details | File | 1 | httpshelpdesk.sys |
|
| Details | File | 1 | comcustompage.jsp |
|
| Details | File | 1 | download_05.html |
|
| Details | File | 1 | 54sysaidserverpatch_18_1_54.exe |
|
| Details | File | 2 | 'thumbs.db |
|
| Details | File | 1 | 100m.bat |
|
| Details | File | 1 | perfcentercpl.ico |
|
| Details | File | 1 | 'guicache.db |
|
| Details | File | 1 | '1.docx |
|
| Details | File | 8 | desktop.exe |
|
| Details | File | 1 | 'telegram_desktop.vbs |
|
| Details | File | 1 | '1717.txt |
|
| Details | File | 6 | android.inf |
|
| Details | File | 1 | 1717.txt |
|
| Details | File | 2 | guicache.db |
|
| Details | File | 1 | telegram_desktop.vbs |
|
| Details | md5 | 1 | 96986b18a8470f4020ea78df0b3db7d4 |
|
| Details | md5 | 1 | 314e8105f28530eb0bf54891b9b3ff69 |
|
| Details | md5 | 1 | 102d3104a010e49f92a6903adc92c449 |
|
| Details | sha1 | 1 | 431c792fcc8ba9b58f0ffde5c8fe6fd93066ec45 |
|
| Details | sha256 | 1 | 2eb447785e5b35c42d842706d593a907d0bdbc50ad9d0327c3591ac4ef17ce6e |
|
| Details | IPv4 | 2 | 103.225.168.159 |
|
| Details | IPv4 | 1 | 198.96.95.58 |
|
| Details | IPv4 | 1 | 170.239.84.243 |
|
| Details | IPv4 | 2 | 47.91.56.21 |
|
| Details | Pdb | 1 | c:\users\albany\documents\visual studio 2012\projects\new march\new march\obj\debug\new march.pdb |
|
| Details | Pdb | 1 | march.pdb |
|
| Details | Pdb | 1 | 'writestring.pdb |
|
| Details | Pdb | 1 | c:\users\albany\documents\visual studio 2012\projects\new march\writestring\obj\debug\writestring.pdb |
|
| Details | Pdb | 1 | writestring.pdb |
|
| Details | Threat Actor Identifier - APT-C | 17 | APT-C-27 |
|
| Details | Url | 1 | http://www.alahbabgroup.com/bakala/verify.php |
|
| Details | Url | 1 | http://103.225.168.159/admin/verify.php |
|
| Details | Url | 1 | http://www.khuyay.org/odin_backup/public/loggoff.php |
|
| Details | Url | 1 | http://47.91.56.21/verify.php |
|
| Details | Url | 1 | https://www.virustotal.com/gui/ip-address/198.96.95.58/relations |
|
| Details | Url | 1 | https://www.virustotal.com/gui/ip-address/103.225.168.159/relations |
|
| Details | Url | 1 | https://www.virustotal.com/gui/ip-address/170.239.84.243/relations |
|
| Details | Url | 1 | https://www.virustotal.com/gui/ip-address/47.91.56.21/relations |