Pulse Detail — Threat Intelligence

PULSE NAME

Attackers Create Elaborate Crypto Trading Scheme to Install Malware

WHITE Lazarus Group AlienVault 2019-10-14 Modified: 2019-10-14

IOCs

LOW VOLUME

Attackers have created an elaborate scheme to distribute a cryptocurrency trading program that installs a backdoor on a victim's Mac or Windows PC. This is likely linked to the North Korean "Lazarus" attackers

lazarus crypto

Indicators of Compromise (8)

All FileHash-SHA256 domain URL FileHash-MD5 FileHash-SHA1

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	9bf8e8ac82b8f7c3707eb12e77f94cd0e06a972658610d136993235cbfa53641	—	2019-10-14
FileHash-SHA256	4d6078fc1ea6d3cd65c3ceabf65961689c5bc2d81f18c55b859211a60c141806	—	2019-10-14
FileHash-SHA256	07c38ca1e0370421f74c949507fc0d21f4cfcb5866a4f9c0751aefa0d6e97542	—	2019-10-14
domain	beastgoc.com	—	2019-10-14
URL	http://beastgoc.com/grepmonux.php	—	2019-10-14
FileHash-MD5	48971e0e71300c99bb585d328b08bc88	—	2019-10-14
FileHash-MD5	c4aa6f87124320eadc342d2fe7364896	—	2019-10-14
FileHash-SHA1	4fcc84583126689d03acf69b9fca5632f7d44752	—	2019-10-14

References (4)

↗ https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/ ↗ https://objective-see.com/blog/blog_0x49.html ↗ https://twitter.com/malwrhunterteam/status/1182624999624101890 ↗ https://twitter.com/VK_Intel/status/1182730637016481793