Taiwan Heist: Lazarus Tools and Ransomware
Common Information
Type Value
UUID 69731e0c-62d1-42cb-8ad4-1a76f3b63db6
Fingerprint a7947859eb6387c1
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 16, 2017, 10:32 p.m.
Added to db Aug. 30, 2024, 11:12 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline BAE Systems Threat Research Blog
Title Taiwan Heist: Lazarus Tools and Ransomware
Detected Hints/Tags/Attributes 94/3/39
RSS Feed
Id Enabled Feed title Url Added to db
3 BAE Systems Threat Research Blog http://baesystemsai.blogspot.com/feeds/posts/default 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 7 www.bitcoin.com
Domain 30 bitmessage.ch
Domain 7 www.baesystems.com
Email 1 bm-2cvczl1xfve1yggkwebgg1ge6xj5pygfgw@bitmessage.ch
Email 1 bm-2ct4u1vbdjfqkdewmexgcws9sfnmk1gltf@bitmessage.ch
File 2 bitsran.exe
File 2 rsw7b37.tmp
File 198 msmpeng.exe
File 2 filetokenbroker.dll
File 4 splwow32.exe
File 1 c:\windows\temp\bitsran.exe
File 11 tmbmsrv.exe
File 6 tmccsf.exe
File 14 cntaosmgr.exe
File 29 ntrtscan.exe
File 29 pccntmon.exe
File 16 tmlisten.exe
File 5 tmpfw.exe
File 1 rswxxxx.tmp
File 2126 cmd.exe
File 6 fdsvc.dll
File 1122 svchost.exe
File 1 c:\windows\system32\en-us\svchost.dll
File 1 c:\windows\system32\en-us\netsvc.dll
File 345 vssadmin.exe
File 1208 powershell.exe
File 2 testlib.dll
Url 5 https://www.bitcoin.com/buy-bitcoin
Url 1 http://www.baesystems.com/en/cybersecurity/swift-customer-security-programme
Windows Registry Key 48 HKLM\Software\Microsoft\Windows\CurrentVersion\Run