북한 해킹 단체 라자루스(Lazarus) 추측이 되는 악성코드-WerFault.lnk(2024.8.19)
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | a4275f5d-5346-4d2e-a3ac-936bc02795b1 |
| Fingerprint | f539fac7eb34eb78 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 28, 2024, 1:56 a.m. |
| Added to db | Aug. 31, 2024, 11:17 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | 꿈을꾸는 파랑새 |
| Title | 북한 해킹 단체 라자루스(Lazarus) 추측이 되는 악성코드-WerFault.lnk(2024.8.19) |
| Detected Hints/Tags/Attributes | 22/1/32 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://wezard4u.tistory.com/429263 |
| Details | Source | http://wezard4u.tistory.com/429263 |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 478 | ✔ | 꿈을꾸는 파랑새 | https://wezard4u.tistory.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | trojan.win64.kryptik.sa |
|
| Details | Domain | 2 | generic.ml |
|
| Details | Domain | 27 | trojan.win |
|
| Details | Domain | 5 | trojan.tr |
|
| Details | File | 81 | werfault.exe |
|
| Details | File | 1 | %temp%\werfault.exe |
|
| Details | File | 44 | vboxtray.exe |
|
| Details | File | 42 | vboxservice.exe |
|
| Details | File | 14 | vmusrvc.exe |
|
| Details | File | 14 | vmsrvc.exe |
|
| Details | File | 26 | vmacthlp.exe |
|
| Details | File | 14 | vmware.exe |
|
| Details | File | 30 | vmwareuser.exe |
|
| Details | File | 3 | vmount2.exe |
|
| Details | File | 1 | xsvc_depriv.exe |
|
| Details | File | 74 | vmtoolsd.exe |
|
| Details | File | 28 | vmwaretray.exe |
|
| Details | File | 9 | xenservice.exe |
|
| Details | File | 10 | faultrep.dll |
|
| Details | File | 1 | w64.ai |
|
| Details | File | 10 | 송장.bmp |
|
| Details | File | 11 | 악성코드-integration.pdf |
|
| Details | md5 | 1 | e0c3282206b5533bb3272741212cb6e1 |
|
| Details | md5 | 1 | bdf6730d5c52821e237a7ceb47d8838d |
|
| Details | md5 | 1 | 0dda91a21b6f6536715eb83f21c75451 |
|
| Details | md5 | 1 | e4b8e64ba6493120c7728bddc844e628 |
|
| Details | sha1 | 1 | 164107e62657aed8fe29d026f8a78fdba90e64c6 |
|
| Details | sha1 | 1 | 5162e8b479835c2aff439bf5a0c5e70329d517f3 |
|
| Details | sha256 | 1 | ac7772803e0f65522f43357cb31b0b032eebdaff35b1a5c1666a9d8b1a36784f |
|
| Details | sha256 | 1 | 0b1d881b010b2230a5ba9e5d9a0f0d31e00ccd6ebedd2568e002e6d35d9967ef |
|
| Details | Microsoft Patch Numbers | 12 | KB5041580 |
|
| Details | Microsoft Patch Numbers | 13 | KB5041585 |