Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped) - ASEC BLOG
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 97054513-2324-49b2-b118-d68f0c98439d |
| Fingerprint | a494bc81c4660a33 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 19, 2022, 1 p.m. |
| Added to db | Sept. 11, 2022, 12:33 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped) |
| Title | Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped) - ASEC BLOG |
| Detected Hints/Tags/Attributes | 48/1/41 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/34461/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 397 | cve-2021-44228 |
|
| Details | Domain | 3 | mail.usengineergroup.com |
|
| Details | Domain | 2 | iosk.org |
|
| Details | Domain | 2 | jin.zip |
|
| Details | Domain | 2 | jin-6.zip |
|
| Details | File | 13 | ws_tomcatservice.exe |
|
| Details | File | 1206 | index.php |
|
| Details | File | 13 | member.php |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 4 | pwstealer.c4 |
|
| Details | File | 4 | nukesped.c4 |
|
| Details | File | 2 | htroy.exe |
|
| Details | File | 6 | svc.exe |
|
| Details | File | 3 | srvcredit.exe |
|
| Details | File | 2 | runhostw.exe |
|
| Details | File | 2 | javarw.exe |
|
| Details | File | 3 | add.bat |
|
| Details | File | 4 | mad.bat |
|
| Details | File | 2 | jin.zip |
|
| Details | File | 2 | jin-6.zip |
|
| Details | md5 | 3 | 87a6bda486554ab16c82bdfb12452e8b |
|
| Details | md5 | 3 | 830bc975a04ab0f62bfedf27f7aca673 |
|
| Details | md5 | 3 | 131fc4375971af391b459de33f81c253 |
|
| Details | md5 | 3 | 827103a6b6185191fd5618b7e82da292 |
|
| Details | md5 | 4 | 1875f6a68f70bee316c8a6eda9ebf8de |
|
| Details | md5 | 4 | 85995257ac07ae5a6b4a86758a2283d7 |
|
| Details | md5 | 4 | 47791bf9e017e3001ddc68a7351ca2d6 |
|
| Details | md5 | 2 | 7a19c59c4373cadb4556f7e30ddd91ac |
|
| Details | md5 | 2 | c2412d00eb3b4bccae0d98e9be4d92bb |
|
| Details | md5 | 2 | 8c8a38f5af62986a45f2ab4f44a0b983 |
|
| Details | md5 | 2 | 7ef97450e84211f9f35d45e1e6ae1481 |
|
| Details | md5 | 2 | dd4b8a2dc73a29bc7a598148eb8606bb |
|
| Details | IPv4 | 4 | 11.11.11.1 |
|
| Details | IPv4 | 2 | 185.29.8.18 |
|
| Details | IPv4 | 2 | 84.38.133.145 |
|
| Details | IPv4 | 2 | 84.38.133.16 |
|
| Details | Url | 2 | http://185.29.8.18/htroy.exe |
|
| Details | Url | 2 | http://iosk.org/pms/add.bat |
|
| Details | Url | 2 | http://iosk.org/pms/mad.bat |
|
| Details | Url | 2 | http://iosk.org/pms/jin.zip |
|
| Details | Url | 2 | http://iosk.org/pms/jin-6.zip |