New Malware of Lazarus Threat Actor Group Exploiting INITECH Process - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 9d898ce6-d19b-4aa0-9081-b6bbc691e444 |
| Fingerprint | 8f2c192f84eb0f07 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 26, 2022, 9:40 a.m. |
| Added to db | Sept. 11, 2022, 4:59 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | New Malware of Lazarus Threat Actor Group Exploiting INITECH Process |
| Title | New Malware of Lazarus Threat Actor Group Exploiting INITECH Process - ASEC BLOG |
| Detected Hints/Tags/Attributes | 37/2/81 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/33801/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | materic.or.kr |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 4 | www.materic.or.kr |
|
| Details | Domain | 2 | www.gaonwell.com |
|
| Details | Domain | 2 | www.h-cube.co.kr |
|
| Details | Domain | 4 | www.shoppingbagsdirect.com |
|
| Details | Domain | 2 | www.okkids.kr |
|
| Details | Domain | 2 | www.namchoncc.co.kr |
|
| Details | File | 11 | inisafecrosswebexsvc.exe |
|
| Details | File | 2 | iniclientsvc_x64.exe |
|
| Details | File | 20 | scskapplink.dll |
|
| Details | File | 2 | main_top.asp |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 4 | c:\users\public\scskapplink.dll |
|
| Details | File | 14 | login.asp |
|
| Details | File | 2 | gallery.asp |
|
| Details | md5 | 2 | 4541efd1c54b53a3d11532cb885b2202 |
|
| Details | md5 | 2 | 0775D753AEAEBC1CFF491E42C8950EC0 |
|
| Details | md5 | 2 | 0AC90C7AD1BE57F705E3C42380CBCCCD |
|
| Details | md5 | 2 | 0F994F841C54702DE0277F19B1AC8C77 |
|
| Details | md5 | 2 | 196FE14B4EC963BA98BBAF4A23A47AEF |
|
| Details | md5 | 4 | 1E7D604FADD7D481DFADB66B9313865D |
|
| Details | md5 | 2 | 2EF844ED5DCB9B8B38EBDE3B1E2A450C |
|
| Details | md5 | 2 | 39457097686668A2F937818A62560FE7 |
|
| Details | md5 | 2 | 3D7E3781BD0B89BA88C08AA443B11FE5 |
|
| Details | md5 | 2 | 3ECD26BACD9DD73819908CBA972DB66B |
|
| Details | md5 | 2 | 4B96D9CA051FC68518B5A21A35F001D0 |
|
| Details | md5 | 2 | 4E2DFD387ADDEE4DE615A57A2008CFC6 |
|
| Details | md5 | 2 | 5349C845499A6387823FF823FCCAA229 |
|
| Details | md5 | 2 | 570F65824F055DE16EF1C392E2E4503A |
|
| Details | md5 | 2 | 683713A93337F343149A5B3836475C5D |
|
| Details | md5 | 2 | 6929CAA7831AE2600410BC5664F692B3 |
|
| Details | md5 | 2 | 6A240B2EDC1CA2B652DBED44B27CB05F |
|
| Details | md5 | 2 | 7188F827D8106F563980B3CCF5558C23 |
|
| Details | md5 | 2 | 7607EF6426F659042D3F1FFBFEA13E6A |
|
| Details | md5 | 4 | 7870DECBC7578DA1656D1D1FF992313C |
|
| Details | md5 | 2 | 7BF6B3CD3B3034ABB0967975E56F0A4B |
|
| Details | md5 | 2 | 81E922198D00BE3E6D41DCE773C6A7FB |
|
| Details | md5 | 2 | 878AD11012A2E965EA845311FB1B059F |
|
| Details | md5 | 2 | 8FCDF6506CA05EFAFC5AF35E0F09B341 |
|
| Details | md5 | 2 | 933B640D26E397122CE8DE9293705D71 |
|
| Details | md5 | 2 | A329AC7215369469D72B93C1BAC1C3C4 |
|
| Details | md5 | 2 | A8B90B2DD98C4FDD4AE84A075A5A9473 |
|
| Details | md5 | 2 | ADF0D4BBEFCCF342493E02538155E611 |
|
| Details | md5 | 2 | B213063F28E308ADADF63D3B506E794E |
|
| Details | md5 | 4 | B3E03A41CED8C8BAA56B8B78F1D55C22 |
|
| Details | md5 | 2 | B5EAEC8CE02D684BAA3646F39E8BC9B5 |
|
| Details | md5 | 2 | B85FDE972EE618A225BFBA1CEF369CC8 |
|
| Details | md5 | 2 | B91D1A5CC4A1DE0493C1A9A9727DB6F9 |
|
| Details | md5 | 2 | B974BC9E6F375F301AE2F75D1E8B6783 |
|
| Details | md5 | 2 | BB9F5141C53E74C9D80DCE1C1A2A13F0 |
|
| Details | md5 | 2 | C99D5E7EDBA670515B7B8A4A32986149 |
|
| Details | md5 | 2 | CB5401C760B89D80657FC0EFC605AE62 |
|
| Details | md5 | 2 | D3BFA72CC8F6F8D3D822395DBC8CD8B8 |
|
| Details | md5 | 2 | D57F8CD2F49E34BEDA94B0F90426F7B3 |
|
| Details | md5 | 2 | D9BC5EDCE4B1C4A941B0BF8E3FAC3EA8 |
|
| Details | md5 | 2 | DD3710ABFACDF381801BB11CF142BD29 |
|
| Details | md5 | 2 | DD759642659D7B2C7FD365CBEFF4942E |
|
| Details | md5 | 2 | E04206BA707DE4CDE94EFEDA6752D0CA |
|
| Details | md5 | 2 | E6265DCCFDEF1D1AA134AEC6236734F8 |
|
| Details | md5 | 2 | E84404DED7096CD42EF39847DE002361 |
|
| Details | md5 | 2 | E8D7EAF96B3E5AEE219013C55682968C |
|
| Details | md5 | 2 | EC99EBB78857211EB52EB84750D070E7 |
|
| Details | md5 | 2 | F15FD25A4C6E94E2202090BBB82EBC39 |
|
| Details | md5 | 2 | F48369111F2FAABB0CCB5D1D90491E0E |
|
| Details | IPv4 | 1 | 164.125.51.42 |
|
| Details | IPv4 | 1 | 49.247.9.177 |
|
| Details | IPv4 | 1 | 211.218.150.44 |
|
| Details | IPv4 | 1 | 80.244.187.216 |
|
| Details | IPv4 | 1 | 112.175.92.56 |
|
| Details | IPv4 | 1 | 59.8.194.228 |
|
| Details | Url | 1 | https://materic.or.kr/include/main/main_top.asp?prd_fld=racket |
|
| Details | Url | 3 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical |
|
| Details | Url | 2 | https://www.materic.or.kr/include/main/main_top.asp |
|
| Details | Url | 2 | https://www.gaonwell.com/data/base/mail/login.asp |
|
| Details | Url | 2 | http://www.h-cube.co.kr/main/image/gellery/gallery.asp |
|
| Details | Url | 2 | https://www.shoppingbagsdirect.com/media/images/?ui=t |
|
| Details | Url | 2 | https://www.okkids.kr/html/program/display/?re=32 |
|
| Details | Url | 2 | https://www.namchoncc.co.kr/include/?ind=55 |