Interlab 인터랩 | Novel RAT discovered “SuperBear” targeting journalist covering geopolitics of Asia
Common Information
Type Value
UUID fc0ec178-044b-4768-baa7-f1935150ad3d
Fingerprint 388a9dd10a359389
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 1, 2024, midnight
Added to db Nov. 8, 2023, 11:16 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Executive Summary
Title Interlab 인터랩 | Novel RAT discovered “SuperBear” targeting journalist covering geopolitics of Asia
Detected Hints/Tags/Attributes 65/2/34
Source URLs
RSS Feed
Id   Enabled  Feed title  Url                          Added to db
139                       https://interlab.or.kr/feed  2024-08-30 22:08
Attributes
Type    #Events  CTI Value
Domain  228      system.io
Domain  1        redacted.me
Domain  12       www.autoitscript.com
Domain  3        hironchk.com
Domain  2        syra.forumcommunity.net
Domain  4        autoit-script.ru
Domain  261      blog.talosintelligence.com
Domain  93       bazaar.abuse.ch
Domain  11       interlab.or.kr
Email   3        contact@interlab.or.kr
File    409      c:\windows\system32\cmd.exe
File    1        ssuolsumir.ps
File    14       c:\windows\system32\curl.exe
File    1        dbhg.exe
File    29       autoit3.exe
File    1260     explorer.exe
md5     1        614dda72d95b5dfd732916aec0662598
sha256  2        5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e
sha256  3        282e926eb90960a8a807dd0b9e8668e39b38e6961b0023b09f8b56d287ae11cb
sha256  2        454cfe3be695d0a387d7877c11d3b224b3e2c7d22fc2f31f349b5c23799967ec
IPv4    2        89.117.139.230
Pdb     1        solmir.pdb
Pdb     1        solmir_1.pdb
Url     1        https://redacted.me/wp-content/solmir.pdb
Url     1        https://redacted.me/wp-content/solmir_1.pdb
Url     1        https://www.autoitscript.com/site/autoit
Url     1        https://mp.weixin.qq.com/s?__biz=mzuymjk4nzexma==&mid=2247493300&idx=1&sn=614dda72d95b5dfd732916aec0662598&cur_album_id=1915287066892959748#rd
Url     2        https://www.autoitscript.com/forum/topic/99412-run-binary/page/8
Url     2        https://syra.forumcommunity.net/?t=55181142
Url     2        https://autoit-script.ru/threads/peredacha-parametrov-komandnoj-stroki.24834
Url     5        https://blog.talosintelligence.com/lazarus-collectionrat
Url     2        https://www.virustotal.com/gui/collection/454cfe3be695d0a387d7877c11d3b224b3e2c7d22fc2f31f349b5c23799967ec/summary
Url     2        https://bazaar.abuse.ch/sample/282e926eb90960a8a807dd0b9e8668e39b38e6961b0023b09f8b56d287ae11cb
Url     2        https://bazaar.abuse.ch/sample/5305b8969b33549b6bd4b68a3f9a2db1e3b21c5497a5d82cec9beaeca007630e