Lazarus & Watering-hole attacks
Common Information
Type Value
UUID ae0fd208-1ac5-4374-b18e-62a1417fb8b1
Fingerprint a567a8910af202e1
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 12, 2017, 8:25 p.m.
Added to db Aug. 30, 2024, 11:12 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline BAE Systems Threat Research Blog
Title Lazarus & Watering-hole attacks
Detected Hints/Tags/Attributes 92/3/53
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 3 BAE Systems Threat Research Blog http://baesystemsai.blogspot.com/feeds/posts/default 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 26
cve-2016-0034
Details Domain 6
badcyber.com
Details Domain 6
knf.gov.pl
Details Domain 6
sap.misapor.ch
Details Domain 7
www.eye-watch.in
Details Domain 105
web.archive.org
Details Domain 64
go.microsoft.com
Details Domain 2
eye-watch.in
Details Domain 1
www.cnbv.gob.mx
Details Domain 97
virustotal.com
Details Domain 5
brou.com.uy
Details Domain 454
www.google.com
Details Domain 140
archive.org
Details File 9
view.jsp
Details File 7
gpsvc.exe
Details File 12
default.html
Details File 1
silverlight.js
Details File 1
sanciones.aspx
Details File 3
images.jsp
Details File 1122
svchost.exe
Details File 2127
cmd.exe
Details File 4
list.jsp
Details File 1
shell_siver.dll
Details File 19
system.xml
Details File 7
linq.dll
Details File 8
this.ini
Details File 1
binaryreader.dll
Details File 7
cambio.swf
Details IPv4 3
125.214.195.17
Details IPv4 1
196.29.166.218
Details IPv4 8
1.0.7.0
Details Pdb 1
c:\users\kkk\desktop\shell_siver\shell_siver\obj\release\shell_siver.pdb
Details Url 2
http://sap.misapor.ch/vishop/view.jsp?pagenum=1
Details Url 1
https://www.eye-watch.in/design/fancybox/pnf.action
Details Url 1
http://web.archive.org/web/20170203175640/https://sap.misapor.ch/default.html
Details Url 1
http://web.archive.org/web/20170203175641/https://sap.misapor.ch/silverlight.js
Details Url 1
http://go.microsoft.com/fwlink/?linkid=149156&v=3.0.40624.0
Details Url 1
http://go.microsoft.com/fwlink/?linkid=108181
Details Url 1
http://www.cnbv.gob.mx/prensa/paginas/sanciones.aspx
Details Url 1
http://www.eye-watch.in/jscroll/images/images.jsp?pagenum=1
Details Url 1
http://brou.com.uy
Details Url 1
https://www.eye-watch.in/design/fancybox/include/cambio.xap
Details Windows Registry Key 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet