MagicRAT: Lazarus’ latest gateway into victim networks
Common Information
Type Value
UUID cc8761f8-f6ca-41e9-8c5a-03fb3123fd26
Fingerprint a798193904728f48
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 7, 2022, 8:01 a.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Vulnerability Information
Title MagicRAT: Lazarus’ latest gateway into victim networks
Detected Hints/Tags/Attributes 78/3/33
Attributes
Details Type #Events CTI Value
Details Domain 2
visual.1991-06.com
Details Domain 904
snort.org
Details Domain 2
gendoraduragonkgp126.com
Details File 409
c:\windows\system32\cmd.exe
Details File 4
pct.gif
Details File 2
ahnupdate.log
Details File 2125
cmd.exe
Details File 2
mfcom1.gif
Details File 2
logo_adm_org.gif
Details File 2
tour_upt.html
Details MITRE ATT&CK Techniques 480
T1053
Details MITRE ATT&CK Techniques 207
T1547