Pulse Detail — Threat Intelligence

PULSE NAME

Report on North Korean cyber attacks (Campaign Rifle)

WHITE Lazarus Group AlienVault 2017-07-27 Modified: 2018-10-23

205

IOCs

HIGH VOLUME

In February 2016, Novetta announced a profiling report entitled &quot;Operation Blockbuster: Unraveling the Long Thread of Sony Attack&quot; in association with global security companies (Kaspersky Lab, Symantec, Trend Micro, JPCERT / CC, etc.). The Lazarus group, which has been identified as the backbone of the report, has been active in the past, and Novetta &#39;s research is helping to preemptively counteract and prevent Lazarus attacks around the world. However, global security companies are limited in collecting attack information in Korea, and there is also a lack of information about the attacks that Lazarus or Lazarus are suspected of as a small group of threat groups in Korea. Therefore, the Korea Financial Security Institute (FSI) identified the specific characteristics of domestic IT and work environment, and profiled specific threat groups that are using the attacks. The results are described in this report.

Indicators of Compromise (103 / 205 total)

All FileHash-SHA256 FileHash-MD5 CVE

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	00f850a82b366a2e4e0c312d1d7a1266	—	2017-07-27
FileHash-MD5	01627db48f9fb454264c2dd8a2777e6e	—	2017-07-27
FileHash-MD5	017c4f728f9f27b2e90343fb93681437	—	2017-07-27
FileHash-MD5	02a799aec23991ffdd1e094070848ed2	—	2017-07-27
FileHash-MD5	0482040c790d95f27aaa64eb8020193e	—	2017-07-27
FileHash-MD5	09a365bca304d011e519978375efe9b0	—	2017-07-27
FileHash-MD5	0bd4cf1a4fbdd208d78bea0c26b33f8a	—	2017-07-27
FileHash-MD5	0c12e423beb22f65301f116be9d5bdc5	—	2017-07-27
FileHash-MD5	12ce93f02c29292c33290c5d38272200	—	2017-07-27
FileHash-MD5	141840cb756da90d10dabe26f54f6a4a	—	2017-07-27
FileHash-MD5	183507aafbdf4f4be8c7873348bcc158	—	2017-07-27
FileHash-MD5	18e4a570be3fe301776f81e39df6974b	—	2017-07-27
FileHash-MD5	1be349901428516a2402fc3b9abb9d7d	—	2017-07-27
FileHash-MD5	1c6268fa3040f558d0980819ad9d729c	—	2017-07-27
FileHash-MD5	1e83bd892072593b3988261bb9013f33	—	2017-07-27
FileHash-MD5	20d24c2cbbbf35f7687d7ef287ebec08	—	2017-07-27
FileHash-MD5	24df5d983ae5850ecd9982b3629ae0c5	—	2017-07-27
FileHash-MD5	2905929066d925cd0ce5ac63f0ef47a9	—	2017-07-27
FileHash-MD5	2ca0a4b62c9c2b453d2fe80aaf3b35e1	—	2017-07-27
FileHash-MD5	31d329cfeb7adee9c1d72688d6f2fcef	—	2017-07-27
FileHash-MD5	34fd02be8006614f7b1bae4d453e19f4	—	2017-07-27
FileHash-MD5	38241c9195174fa0af52e1105f6ec5f4	—	2017-07-27
FileHash-MD5	3abacda35acf35f31d42053560fc5214	—	2017-07-27
FileHash-MD5	3f4b4ea3f32a166ed533420873c84e56	—	2017-07-27
FileHash-MD5	3fdb8b1147d86e50b0595fb42d40d288	—	2017-07-27
FileHash-MD5	40685422b591d8efad694ca003ffea03	—	2017-07-27
FileHash-MD5	42216a3521c3f5c7bb46e31f8ea95580	—	2017-07-27
FileHash-MD5	42b4b4f6bb4cd8c017fd801ac9d653b0	—	2017-07-27
FileHash-MD5	455337dc726f891ad3711fd1d9253874	—	2017-07-27
FileHash-MD5	45ee81f48959fc50320ae3a950d13a08	—	2017-07-27
FileHash-MD5	4612b19b6f632bb53b76029f099701e9	—	2017-07-27
FileHash-MD5	4670b79e0ea4c620e6952c08bec59f1a	—	2017-07-27
FileHash-MD5	4a9e60845c357651b43d44091d15576d	—	2017-07-27
FileHash-MD5	4aaa3c19769ba256113bf3b4ef03d4fe	—	2017-07-27
FileHash-MD5	4ab8e3f788cdd61b7f900cf99c277842	—	2017-07-27
FileHash-MD5	4c9a343510e9b1f78e98ddc455e9ab11	—	2017-07-27
FileHash-MD5	53f349f4064ac498766339d53a067e51	—	2017-07-27
FileHash-MD5	550638edff8652f5e5d888c5c55860e6	—	2017-07-27
FileHash-MD5	5c3f89abfa560dececf1b46994290d3f	—	2017-07-27
FileHash-MD5	5c48ff350bc0067c179772a3ef3e2db5	—	2017-07-27
FileHash-MD5	5ca4562a5bfa15417707d3168161cb23	—	2017-07-27
FileHash-MD5	610906bb3a0d11570937937738b04f6c	—	2017-07-27
FileHash-MD5	66100c3e314671087c97ad27cd4288e7	—	2017-07-27
FileHash-MD5	69303a41f7883fe49783ed4290efbf9f	—	2017-07-27
FileHash-MD5	6aa92380a61ccd18e89bde9d006874af	—	2017-07-27
FileHash-MD5	6b95c5f02b2a7ce7a41d64d4a9121aad	—	2017-07-27
FileHash-MD5	73fc3c838d03a7a6cead2bd1ccb49bcf	—	2017-07-27
FileHash-MD5	741fadda07d9c2e41d6d8b0f2e91bc5e	—	2017-07-27
FileHash-MD5	7756992d31ccd9825cfc95c5ca187b1f	—	2017-07-27
FileHash-MD5	77eb31433051a5d674876471441aa243	—	2017-07-27
FileHash-MD5	7be9cd0a6a9b3a0ccbca004e35e58ed2	—	2017-07-27
FileHash-MD5	8233ae53a68edce1a1d7ca3e38876f79	—	2017-07-27
FileHash-MD5	8360df5aac96cf5db06f3ec2f3f668aa	—	2017-07-27
FileHash-MD5	84ff1588752e59845a14542191298a99	—	2017-07-27
FileHash-MD5	853236373fd97396d422f749b78ed3d6	—	2017-07-27
FileHash-MD5	8ee5e39cd947d56b9d1652086b0daab3	—	2017-07-27
FileHash-MD5	9825763ede4a2077df0cc39d14964554	—	2017-07-27
FileHash-MD5	9cb5b1b4abebd7ca916370adad0c2beb	—	2017-07-27
FileHash-MD5	9d590f251a9d935116d09f7428d2bc43	—	2017-07-27
FileHash-MD5	9ef85a2e35ae36bdaef6a92ef8cde3d5	—	2017-07-27
FileHash-MD5	9f051ee701e932ea28ac781f4b37e060	—	2017-07-27
FileHash-MD5	9ffff56d809abf5c020330e1f0f96073	—	2017-07-27
FileHash-MD5	a1f92b84614d7f07ab84c7a97675b299	—	2017-07-27
FileHash-MD5	a57797d9e384261f383f96209791fa7b	—	2017-07-27
FileHash-MD5	a8641ac59a34d56a4fe3e0501f96506d	—	2017-07-27
FileHash-MD5	a9a46626eb481417a3d2e8fc477db61d	—	2017-07-27
FileHash-MD5	aa244e7809149c7460502fca763915cf	—	2017-07-27
FileHash-MD5	aab506c427bf4036ef23d7d48eb4e9cc	—	2017-07-27
FileHash-MD5	aae751fabe204f113f9ab62f6c999ebd	—	2017-07-27
FileHash-MD5	aca10b7a7364cab74e2db9dbc898701a	—	2017-07-27
FileHash-MD5	ad1a665a550b9c71a2f6414d67fddb71	—	2017-07-27
FileHash-MD5	b1b8b51177030fbaba352bbb0e4ed59a	—	2017-07-27
FileHash-MD5	b385903e167c06a7a0b9b4e5a5deac27	—	2017-07-27
FileHash-MD5	b5ffe6282f147676ce9f7547b710f334	—	2017-07-27
FileHash-MD5	b84293feedc66909f3d3b517b5396dce	—	2017-07-27
FileHash-MD5	b9cff499639723c185e80d082dba7ddf	—	2017-07-27
FileHash-MD5	bb710db1c03ebc4f8d6ebb8b8577ee78	—	2017-07-27
FileHash-MD5	bc062e241ac23e56ba23b8bc17c5fd38	—	2017-07-27
FileHash-MD5	bcbfc82b63ec9f945f62f54dd3cfec42	—	2017-07-27
FileHash-MD5	c6d535887c497aeda51032fde69d6fd6	—	2017-07-27
FileHash-MD5	c8b18926a4bdc3c7ba4952c189e60cc0	—	2017-07-27
FileHash-MD5	ce084ac33f851987a1cf5aa8f8d97337	—	2017-07-27
FileHash-MD5	d28b66a8d6ba58f8632612423b502e05	—	2017-07-27
FileHash-MD5	d44fe3fd0b6fc73b6bb016c81aad30ce	—	2017-07-27
FileHash-MD5	d60133e3de1e076f4fd5f16a5e9eed0d	—	2017-07-27
FileHash-MD5	d6e9a7615e0afff7711f5534e7086822	—	2017-07-27
FileHash-MD5	d97df4859b1d6afb3a9cf546d52026b4	—	2017-07-27
FileHash-MD5	dd62a1f28044d451d75437750755d59d	—	2017-07-27
FileHash-MD5	ddd8adfb286c37fac4409941a330d1ab	—	2017-07-27
FileHash-MD5	e0486ef8ada2eebb9a9c6517289966e9	—	2017-07-27
FileHash-MD5	e0da7e25fec7e61beede85ca90ae4e63	—	2017-07-27
FileHash-MD5	e2982d47c354779415539bc305037427	—	2017-07-27
FileHash-MD5	eddb7aac1240e5cdadb313f32b62a910	—	2017-07-27
FileHash-MD5	ee778be503fda770ee2f40e51edfd595	—	2017-07-27
FileHash-MD5	f066995689f57ff18cc51d48437d8ad7	—	2017-07-27
FileHash-MD5	f114ac04c734195d81585fd1c52ff055	—	2017-07-27
FileHash-MD5	f3d59f8d1ed96fceb7c7c7d64235bb1a	—	2017-07-27
FileHash-MD5	f7f39c3580fc1c81c2a37318e514f9be	—	2017-07-27
FileHash-MD5	f846018ed9037edd568ce1bc2023c886	—	2017-07-27
FileHash-MD5	f8f904842332d549e3ad5150112e159b	—	2017-07-27
FileHash-MD5	f90662273db92aa8de0abed37767b911	—	2017-07-27
FileHash-MD5	f98bcd36563a051ab6e193c27194fb80	—	2017-07-27
FileHash-MD5	fd510724e657411a03a744e9c521c731	—	2017-07-27

References (1)

↗ http://www.fsec.or.kr/common/proc/fsec/bbs/21/fileDownLoad/1235.do