PULSE NAME
The Blockbuster Sequel
WHITE Lazarus Group AlienVault 2017-05-16 Modified: 2017-05-16
47 IOCs
MEDIUM VOLUME
Unit 42 has identified malware with recent compilation and distribution timestamps whose code, infrastructure, and themes overlap with threats previously described in the Operation Blockbuster report, written by researchers at Novetta. That report details the activities of a group Novetta named Lazarus, its tools, and the techniques it uses to infiltrate computer networks. The Lazarus group is tied to the 2014 attack on Sony Pictures Entertainment and the 2013 DarkSeoul attacks.
Indicators of Compromise (47)