Lazarus supply‑chain attack in South Korea | WeLiveSecurity
Common Information
Type | Value |
---|---|
UUID | d65dde53-818e-490c-93b6-3c88c281c636 |
Fingerprint | 87008b58e761ab9e |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 16, 2020, 11:30 a.m. |
Added to db | Feb. 17, 2023, 10:46 p.m. |
Last updated | Nov. 17, 2024, 6:56 p.m. |
Headline | Lazarus supply‑chain attack in South Korea |
Title | Lazarus supply‑chain attack in South Korea \| WeLiveSecurity |
Detected Hints/Tags/Attributes | 141/4/98 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | | 69 | | threatintel@eset.com |
Details | File | 1 | | delfino.exe |
Details | File | 1 | | magiclinenpiz.exe |
Details | File | 1 | | c:\windows\softwaredistribution\download\bit388293.tmp |
Details | File | 2 | | perf91nc.inf |
Details | File | 1 | | assocnet.inf |
Details | File | 1 | | nwsapagentmonsvc.dll |
Details | File | 1 | | btserv.dll |
Details | File | 1 | | iasregmonsvc.dll |
Details | File | 1 | | %temp%\services_dll.log |
Details | File | 1 | | %temp%\server_dll.log |
Details | File | 1 | | magiclinenpiz.gif |
Details | File | 1 | | delfino.gif |
Details | File | 1 | | bit388293.tmp |
Details | File | 70 | | e.doc |
Details | File | 1 | | nukesped.ep |
Details | File | 1 | | main_board.asp |
Details | File | 73 | | view.php |
Details | File | 2 | | post.asp |
Details | File | 6 | | main.asp |
Details | File | 13 | | view.asp |
Details | File | 1 | | franchise_modify.asp |
Details | File | 1 | | refuse_05.asp |
Details | File | 1 | | ex_join.asp |
Details | File | 1 | | mn_board.asp |
Details | File | 1 | | comm_gongsi.asp |
Details | File | 1 | | banner01.asp |
Details | File | 2 | | release.asp |
Details | File | 1 | | cafe_board.asp |
Details | File | 1 | | bbs_write.asp |
Details | File | 3 | | bottom.asp |
Details | File | 1122 | | svchost.exe |
Details | MITRE ATT&CK Techniques | 21 | | T1584.004 |
Details | MITRE ATT&CK Techniques | 96 | | T1587.001 |
Details | MITRE ATT&CK Techniques | 33 | | T1588.003 |
Details | MITRE ATT&CK Techniques | 36 | | T1195.002 |
Details | MITRE ATT&CK Techniques | 239 | | T1106 |
Details | MITRE ATT&CK Techniques | 3 | | T1547.005 |
Details | MITRE ATT&CK Techniques | 348 | | T1036 |
Details | MITRE ATT&CK Techniques | 160 | | T1027.002 |
Details | MITRE ATT&CK Techniques | 440 | | T1055 |
Details | MITRE ATT&CK Techniques | 55 | | T1553.002 |
Details | MITRE ATT&CK Techniques | 442 | | T1071.001 |
Details | MITRE ATT&CK Techniques | 130 | | T1573.001 |
Details | MITRE ATT&CK Techniques | 422 | | T1041 |
Details | Windows Registry Key | 4 | | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security |