ioc[.]one - OSINT Cyber Threat Intelligence Database

New Malicious PyPI Packages used by Lazarus - JPCERT/CC Eyes

Tags

attack-pattern:

Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	cc5c866e-839c-4721-a48b-744a5727a890
Fingerprint	841128dbe8768301
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 28, 2024, midnight
Added to db	Aug. 31, 2024, 1:53 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	JPCERT/CC Eyes
Title	New Malicious PyPI Packages used by Lazarus - JPCERT/CC Eyes
Detected Hints/Tags/Attributes	33/1/47

Source URLs

	Redirection	Url
Details	Source	https://blogs.jpcert.or.jp/en/2024/02/lazarus_pypi.html

URL Provider

Details	Provider	Source level domain
Details	jpcert.or.jp	blogs.jpcert.or.jp

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	62	✔	JPCERT/CCブログ英語版	https://blogs.jpcert.or.jp/en/atom.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	22	test.py
Details	Domain	2	output.py
Details	Domain	1	chaingrown.com
Details	Domain	55	blog.google
Details	Domain	7	blog.phylum.io
Details	Domain	1	blockchain-newtech.com
Details	Domain	1	fasttet.com
Details	File	24	test.py
Details	File	61	__init__.py
Details	File	1	output.py
Details	File	101	iconcache.db
Details	File	193	ntuser.dat
Details	File	1018	rundll32.exe
Details	File	1	manage.asp
Details	File	9	download.asp
Details	File	1	agency.asp
Details	File	7	upload.asp
Details	File	13	7.tar
Details	File	7	6.tar
Details	File	7	8.tar
Details	sha256	1	b4a04b450bb7cae5ea578e79ae9d0f203711c18c3f3a6de9900d2bdfaa4e7f67
Details	sha256	1	c56c94e21913b2df4be293001da84c3bb20badf823ccf5b6a396f5f49df5efff
Details	sha256	1	956d2ed558e3c6e447e3d4424d6b14e81f74b63762238e84069f9a7610aa2531
Details	sha256	1	6bba8f488c23a0e0f753ac21cd83ddeac5c4d14b70d4426d7cdeebdf813a1094
Details	sha256	1	173e6bc33efc7a03da06bf5f8686a89bbed54b6fc8a4263035b7950ed3886179
Details	sha256	1	3ab6e6fc888e4df602eff1c5bc24f3e976215d1e4a58f963834e5b225a3821f5
Details	sha256	1	60c080a29f58cf861f5e7c7fc5e5bddc7e63dd1db0badc06729d91f65957e9ce
Details	sha256	1	26437bc68133c2ca09bb56bc011dd1b713f8ee40a2acc2488b102dd037641c6e
Details	sha256	3	63fb47c3b4693409ebadf8a5179141af5cf45a46d1e98e5f763ca0d7d64fb17c
Details	sha256	1	e05142f8375070d1ea25ed3a31404ca37b4e1ac88c26832682d8d2f9f4f6d0ae
Details	sha256	1	01c5836655c6a4212676c78ec96c0ac6b778a411e61a2da1f545eba8f784e980
Details	sha256	1	aec915753612bb003330ce7ffc67cfa9d7e3c12310f0ecfd0b7e50abf427989a
Details	sha256	1	85c3a2b185f882abd2cc40df5a1a341962bc4616bc78a344768e4de1d5236ab7
Details	sha256	1	a4e4618b358c92e04fe6b7f94a114870c941be5e323735a2e5cd195138327f8f
Details	sha256	1	a8a5411f3696b276aee37eee0d9bed99774910a74342bbd638578a315b65e6a6
Details	sha256	1	8fb6d8a5013bd3a36c605031e86fd1f6bb7c3fdba722e58ee2f4769a820b86b0
Details	IPv4	3	91.206.178.125
Details	Pdb	1	f:\workspace\cbg\loader\npmloaderdll\x64\release\npmloaderdll.pdb
Details	Pdb	1	f:\workspace\cbg\npmloaderdll\x64\release\npmloaderdll.pdb
Details	Pdb	1	d:\workspace\cbg\windows\loader\npmloaderdll\x64\release\npmloaderdll.pdb
Details	Pdb	1	f:\workspace\cbg\loader\publicloaderfirst\x64\release\publicloaderfirst.pdb
Details	Url	5	https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers
Details	Url	1	https://blog.phylum.io/crypto-themed-npm-packages-found-delivering-stealthy-malware
Details	Url	1	https://blockchain-newtech.com/download/download.asp
Details	Url	1	https://fasttet.com/user/agency.asp
Details	Url	1	https://chaingrown.com/manage/manage.asp
Details	Url	1	http://91.206.178.125/upload/upload.asp