Analysis of the APT-C-26 (Lazarus) group's attack activity using EarlyRat
Common Information
Type Value
UUID 66313b08-8a0a-495a-a02d-97652528489c
Fingerprint 1f7e51e51f730e1f
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 13, 2023, midnight
Added to db Oct. 23, 2023, 1:07 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Analysis of the APT-C-26 (Lazarus) group's attack activity using EarlyRat
Title Analysis of the APT-C-26 (Lazarus) group's attack activity using EarlyRat
Detected Hints/Tags/Attributes 17/1/19
Attributes
Details Type #Events CTI Value
Details File 1
%appdata%\microsoft\windows\start menu\programs\startup\whealthscanner.exe
Details File 1
The file is moved and renamed to whealthscanner.exe
Details File 2125
cmd.exe
Details File 1
Search the Startup folder for whealthscanner.exe
Details File 13
help.php
Details File 3
lazarus-three-rats.html
Details Threat Actor Identifier - APT-C 30
APT-C-26
Details Url 2
http://40.121.90.194/help.php
Details Url 1
[1] https://www.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-new-malware-family-used-by-andariel-lazarus-subgroup
[2] https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html