Lazarus APT, Operation Ghost Puppet
Tags
maec-delivery-vectors: Watering Hole
Common Information
Type Value
UUID 67c4a7cf-ce3f-4181-b0fe-001e7da08598
Fingerprint 63d5ac489fff8773
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 20, 2018, 2:58 p.m.
Added to db Jan. 30, 2023, 4:34 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline
Title Lazarus APT, Operation Ghost Puppet
Detected Hints/Tags/Attributes 17/1/28
Source URLs
Attributes