Unpacking APT38: Static and Dynamic Analysis of Lazarus Group Malware
Common Information
| Type | Value |
|---|---|
| UUID | 8a6e5389-b48d-47de-895a-0ac71a438085 |
| Fingerprint | ad1c3909ed3a86d9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 13, 2025, 11:50 p.m. |
| Added to db | April 14, 2025, 2:50 a.m. |
| Last updated | April 17, 2025, 3:30 p.m. |
| Headline | Unpacking APT38: Static and Dynamic Analysis of Lazarus Group Malware |
| Title | Unpacking APT38: Static and Dynamic Analysis of Lazarus Group Malware |
| Detected Hints/Tags/Attributes | 88/4/25 |
RSS Feed
| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 167 | | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
| 171 | | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
Attributes
| Type | #Events | Value |
|---|---|---|
| Domain | 1882 | any.run |
| Domain | 27 | malicious-site.com |
| Domain | 2 | www.addfriend.kr |
| Domain | 3 | settings-win.data.microsoft.com |
| Domain | 9 | crl.microsoft.com |
| Domain | 11 | ocsp.digicert.com |
| File | 1 | 875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24.exe |
| File | 215 | update.exe |
| File | 1 | c:\users\admin\appdata\local\temp\explorer.exe |
| File | 8 | sppextcomobj.exe |
| File | 112 | c:\windows\system32\svchost.exe |
| File | 17 | slui.exe |
| File | 4 | c:\windows\system32\sppextcomobj.exe |
| File | 1051 | index.html |
| File | 1 | 656e64e24.exe |
| File | 3 | settings-win.dat |
| File | 1 | 56e64e24.exe |
| File | 1287 | svchost.exe |
| md5 | 1 | 15DC6A28B875B4706BCC0DB4A026AEB0 |
| sha256 | 1 | 875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24 |
| IPv4 | 1 | 211.239.117.117 |
| Threat Actor Identifier - APT | 210 | APT38 |
| Url | 1 | http://malicious-site.com/update.exe |
| Url | 2 | http://www.addfriend.kr/board/userfiles/temp/index.html |
| Windows Registry Key | 44 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |