ioc[.]one - OSINT Cyber Threat Intelligence Database

Commonly Known Tools Used by Lazarus - JPCERT/CC Eyes

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Vnc - T1021.005 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	e41884e7-2c16-4ee9-8ab5-bcbb0467fc48
Fingerprint	84305dc13a77aa93
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 20, 2021, midnight
Added to db	Sept. 11, 2022, 12:39 p.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	JPCERT/CC Eyes
Title	Commonly Known Tools Used by Lazarus - JPCERT/CC Eyes
Detected Hints/Tags/Attributes	40/2/39

Source URLs

	Redirection	Url
Details	Source	https://blogs.jpcert.or.jp/en/2021/01/Lazarus_tools.html

URL Provider

Details	Provider	Source level domain
Details	jpcert.or.jp	blogs.jpcert.or.jp

Attributes

Details	Type	#Events	Value
Details	Domain	13	www.joeware.net
Details	Domain	4128	github.com
Details	Domain	2	xenarmor.com
Details	Domain	8	www.rarlab.com
Details	Domain	4	www.tightvnc.com
Details	Domain	281	docs.microsoft.com
Details	Domain	5	www.tcpdump.org
Details	File	13	www.rar
Details	File	98	download.php
Details	Github username	2	shawndevans
Details	Github username	7	lgandx
Details	sha256	2	cfd201ede3ebc0deb0031983b2bda9fc54e24d244063ed323b0e421a535cff92
Details	sha256	8	b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682
Details	sha256	2	65ddf061178ad68e85a2426caf9cb85dc9acc2e00564b8bcb645c8b515200b67
Details	sha256	2	da4ad44e8185e561354d29c153c0804c11798f26915274f678db0a51c42fe656
Details	sha256	2	7dccc776c464a593036c597706016b2c8355d09f9539b28e13a3c4ffcda13de3
Details	sha256	2	47d121087c05568fe90a25ef921f9e35d40bc6bec969e33e75337fc9b580f0e8
Details	sha256	2	85703efd4ba5b691d6b052402c2e5dec95f4cec5e8ea31351af8523864ffc096
Details	sha256	2	4b7de800ccaedee8a0edd63d4273a20844b20a35969c32ad1ac645e7b0398220
Details	sha256	2	cf0121cd61990fd3f436bda2b2aff035a2621797d12fd02190ee0f9b2b52a75d
Details	sha256	3	ea139458b4e88736a3d48e81569178fd5c11156990b6a90e2d35f41b1ad9bac1
Details	sha256	2	a7ad23ee318852f76884b1b1f332ad5a8b592d0f55310c8f2ce1a97ad7c9db15
Details	sha256	2	30b234e74f9abe72eefde585c39300c3fc745b7e6d0410b0b068c270c16c5c39
Details	sha256	2	2cd844c7a4f3c51cb7216e9ad31d82569212f7eb3e077c9a448c1a0c28be971b
Details	sha256	2	1e0480e0e81d5af360518dff65923b31ea21621f5da0ed82a7d80f50798b6059
Details	sha256	4	5d1660a53aaf824739d82f703ed580004980d377bdc2834f1041d512e4305d07
Details	sha256	4	f4c8369e4de1f12cc5a71eb5586b38fc78a9d8db2b189b8c25ef17a572d4d6b7
Details	sha256	2	c0e27b7f6698327ff63b03fccc0e45eff1dc69a571c1c3f6c934ef7273b1562f
Details	sha256	2	cf02b7614fea863672ccbed7701e5b5a8fad8ed1d0faa2f9ea03b9cc9ba2a3ba
Details	Url	5	http://www.joeware.net/freetools/tools/adfind
Details	Url	2	https://github.com/shawndevans/smbmap
Details	Url	2	https://github.com/lgandx/responder-windows
Details	Url	2	https://xenarmor.com/email-password-recovery-pro-software
Details	Url	2	https://xenarmor.com/browser-password-recovery-pro-software
Details	Url	3	https://www.rarlab.com
Details	Url	2	https://www.tightvnc.com/download.php
Details	Url	6	https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
Details	Url	2	https://www.tcpdump.org
Details	Url	4	https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware