Pulse: VSingle malware obtains C2 server information from GitHub
TLP: WHITE | Tag: Lazarus | Author: AlienVault | Created: 2022-07-06 | Modified: 2022-07-06
IOCs: 21 (medium volume)
The VSingle malware used by Lazarus has recently been updated to retrieve its C2 server information from GitHub. This article focuses on those updates to VSingle. VSingle has two versions, one targeting Windows and the other targeting Linux; this article covers the Linux version, which has received more updates.
MITRE ATT&CK & Malware Families
Malware families: VSingle
Indicators of Compromise (21)