Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea
Tags
country | South Korea |
attack-pattern | Malware - T1587.001; Malware - T1588.001; Python - T1059.006 |
Common Information
Type | Value |
---|---|
UUID | 3d063412-f35f-4a78-8766-e1bb8ed068e1 |
Fingerprint | d992291f4d66e278 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | July 9, 2021, 2:50 a.m. |
Added to db | Sept. 11, 2022, 12:35 p.m. |
Last updated | Dec. 21, 2024, 4:49 a.m. |
Headline | Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea |
Title | Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea |
Detected Hints/Tags/Attributes | 21/2/19 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 2 | | grandgolf.co.kr |
Details | Domain | 1 | | www.namchuncheon.co.kr |
Details | Domain | 1 | | www.kdone.co.kr |
Details | File | 2 | | compareplus.dll |
Details | File | 21 | | scskapplink.dll |
Details | File | 1 | | c:\programdata\scskapplink.dll |
Details | File | 11 | | inisafecrosswebexsvc.exe |
Details | File | 1 | | c:\program files\initech\inisafe web ex client\inisafecrosswebexsvc.exe |
Details | File | 2 | | comp.exe |
Details | File | 1 | | c:\windows\system32\comp.exe |
Details | File | 1 | | facilities_01_06.asp |
Details | File | 1 | | nppastyle.dll |
Details | File | 1 | | search_left.asp |
Details | File | 1 | | emailutil.asp |