The Gold Digger Hidden in Investment Pitch Decks: Analysis Report on the APT-C-26 (Lazarus) Attack Campaign
Tags
attack-pattern: Software - T1592.002
Common Information
Type Value
UUID dc4c8bf4-039a-4e81-b56e-c3424b5e5310
Fingerprint 86493fe4d36938f
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 21, 2022, midnight
Added to db Jan. 30, 2023, 4:35 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline The Gold Digger Hidden in Investment Pitch Decks: Analysis Report on the APT-C-26 (Lazarus) Attack Campaign
Title The Gold Digger Hidden in Investment Pitch Decks: Analysis Report on the APT-C-26 (Lazarus) Attack Campaign
Detected Hints/Tags/Attributes 10/1/27
Attributes
Details Type #Events CTI Value
Details CVE 269
cve-2017-0199
Details Domain 1
cloud.beenos.biz
Details Domain 1
axplonan.axa
Details Domain 2
doc.venturelabo.co
Details Domain 1
office.azureword.com
Details Domain 2
cloud.venturelabo.co
Details Domain 2
it.zvc.capital
Details Domain 403
securelist.com
Details File 1
file item1.xml under the customxml directory of the malicious-macro loader document
Details File 1
c:\users\用户名\appdata\roaming\microsoft\templates\normal.dot
Details File 1
item1.xml under (that directory)
Details File 4
node.txt
Details File 1260
explorer.exe
Details File 380
notepad.exe
Details File 1
creates the file groove.tmp under the path c:\users\test\appdata\local\microsoft\windows
Details File 1
unfortunately, while analyzing groove.tmp
Details Threat Actor Identifier - APT-C 30
APT-C-26
Details Url 1
https://it.zvc.capital/c5mplvlkoqh/msuslmglyq/vazw
Details Url 2
https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488