APT-C-26(Lazarus)组织伪造电商组件攻击活动分析报告
Tags
| attack-pattern: | Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | bd090268-66b4-4b79-a5c3-255393d098d2 |
| Fingerprint | ba485bf0fd1b6581 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Feb. 21, 2022, midnight |
| Added to db | Sept. 11, 2022, 12:30 p.m. |
| Last updated | Nov. 17, 2024, 5:54 p.m. |
| Headline | APT-C-26(Lazarus)组织伪造电商组件攻击活动分析报告 |
| Title | APT-C-26(Lazarus)组织伪造电商组件攻击活动分析报告 |
| Detected Hints/Tags/Attributes | 13/1/12 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/USitU4jAg9y2XkQxbwcAPQ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | www.stracarrara.org |
|
| Details | Domain | 403 | securelist.com |
|
| Details | File | 1 | 涉及伪造组件alibabaprotect.db |
|
| Details | File | 1 | alibabaconf.bat |
|
| Details | File | 2 | image.asp |
|
| Details | File | 1 | list.asp |
|
| Details | md5 | 1 | b25f1917d45fd0db2c82feb239b9e69e |
|
| Details | Pdb | 2 | w:\develop\tool\httpuploader\httppost\pro\_bin\rundll\64\sqlite3.pdb |
|
| Details | Threat Actor Identifier - APT-C | 30 | APT-C-26 |
|
| Details | Url | 1 | http://www.stracarrara.org/public/photos/image/image.asp |
|
| Details | Url | 1 | http://www.stracarrara.org/public/photos/image/image.asphttps://www.namchuncheon.co.kr/html/notice/list.asp |
|
| Details | Url | 2 | https://securelist.com/lazarus-threatneedle/100803 |