ioc[.]one - OSINT Cyber Threat Intelligence Database

MagicRAT: Lazarus’ latest gateway into victim networks

Tags

cmtmf-attack-pattern:	Masquerading
country:	North Korea
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Boot Or Logon Autostart Execution - T1547 Domains - T1583.001 Domains - T1584.001 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Multi-Factor Authentication - T1556.006 Scheduled Task - T1053.005 Screen Capture - T1513 Video Capture - T1512 Vulnerabilities - T1588.006 Masquerading - T1036 Scheduled Task - T1053 Screen Capture - T1113 Video Capture - T1125 Masquerading Screen Capture

Show in Graph

Common Information

Type	Value
UUID	c4f39c39-4458-4359-9b77-bbd0ae779192
Fingerprint	a7b8193945728ec9
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 7, 2022, 8:01 a.m.
Added to db	Aug. 30, 2024, 10:09 p.m.
Last updated	Nov. 17, 2024, 1:48 p.m.
Headline	Cisco Talos Blog
Title	MagicRAT: Lazarus’ latest gateway into victim networks
Detected Hints/Tags/Attributes	78/4/33

Source URLs

	Redirection	Url
Details	Redirection	https://blog.talosintelligence.com/lazarus-magicrat
Details	Source	https://blog.talosintelligence.com/lazarus-magicrat/

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	visual.1991-06.com
Details	Domain	904	snort.org
Details	Domain	2	gendoraduragonkgp126.com
Details	File	409	c:\windows\system32\cmd.exe
Details	File	4	pct.gif
Details	File	2	ahnupdate.log
Details	File	2121	cmd.exe
Details	File	2	mfcom1.gif
Details	File	2	logo_adm_org.gif
Details	File	2	tour_upt.html
Details	sha256	2	f6827dc5af661fbb4bf64bc625c78283ef836c6985bb2bfb836bd0c8d5397332
Details	sha256	2	f78cabf7a0e7ed3ef2d1c976c1486281f56a6503354b87219b466f2f7a0b65c4
Details	sha256	2	1f8dcfaebbcd7e71c2872e0ba2fc6db81d651cf654a21d33c78eae6662e62392
Details	sha256	2	bffe910904efd1f69544daa9b72f2a70fb29f73c51070bde4ea563de862ce4b1
Details	sha256	2	196fb1b6eff4e7a049cea323459cfd6c0e3900d8d69e1d80bffbaabd24c06eba
Details	sha256	2	1c926fb3bd99f4a586ed476e4683163892f3958581bf8c24235cd2a415513b7f
Details	sha256	3	f32f6b229913d68daad937cc72a57aa45291a9d623109ed48938815aa7b6005c
Details	sha256	2	23eff00dde0ee27dabad28c1f4ffb8b09e876f1e1a77c1e6fb735ab517d79b76
Details	sha256	2	ca932ccaa30955f2fffb1122234fb1524f7de3a8e0044de1ed4fe05cab8702a5
Details	sha256	2	d20959b615af699d8fff3f0087faade16ed4919355a458a32f5ae61badb5b0ca
Details	IPv4	2	64.188.27.73
Details	IPv4	3	193.56.28.251
Details	IPv4	3	52.202.193.124
Details	IPv4	2	151.106.2.139
Details	IPv4	2	66.154.102.91
Details	MITRE ATT&CK Techniques	480	T1053
Details	MITRE ATT&CK Techniques	206	T1547
Details	Url	2	http://64.188.27.73/adm_bord/login_new_check.php
Details	Url	2	http://gendoraduragonkgp126.com/board/index.php
Details	Url	2	http://64.188.27.73/board/mfcom1.gif
Details	Url	2	http://64.188.27.73/board/pct.gif
Details	Url	2	http://64.188.27.73/board/logo_adm_org.gif
Details	Url	2	http://64.188.27.73/board/tour_upt.html