Lazarus APT conceals malicious code within BMP image to drop its RAT
Common Information
Type Value
UUID cb08e5bb-abbf-4902-802d-0d5acef83252
Fingerprint 842e8d1121acf798
Analysis status DONE
Considered CTI value 1
Text language
Published April 19, 2021, midnight
Added to db Sept. 11, 2022, 12:45 p.m.
Last updated Nov. 19, 2024, 3:59 p.m.
Headline Lazarus APT conceals malicious code within BMP image to drop its RAT
Title Lazarus APT conceals malicious code within BMP image to drop its RAT
Detected Hints/Tags/Attributes 53/3/19
Attributes
Type #Events CTI Value
Domain 3 image003.zip
Domain 2 wscript.run
Domain 5 mail.namusoft.kr
Domain 4 www.jinjinpig.co.kr
Domain 2 jinjinpig.co.kr
File 4 참가신청서양식.doc
File 3 image003.png
File 3 image003.zip
File 1 appstore.exe
File 1 c:\users\public\libraries\appstore.exe
File 4 board.jsp
File 13 board.php
File 2134 cmd.exe
File 5 test.gif
File 457 mshta.exe
sha256 1 f1eed93e555a0a33c7fef74084a6f8d06a92079e9f57114f523353d877226d72
sha256 1 ed5fbefd61a72ec9f8a5ebd7fa7bcd632ec55f04bdd4a4e24686edccb0268e05
Url 4 http://mail.namusoft.kr/jsp/user/eam/board.jsp
Url 4 http://www.jinjinpig.co.kr/anyboard/skin/board.php