Pulse name: Linux malware strengthens links between Lazarus and the 3CX supply-chain attack | WeLiveSecurity
TLP: WHITE
Adversary: Lazarus
Author: CyberHunter_NL
Created: 2023-04-21, modified: 2023-04-21
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed in the pulse
Malware families: IconicLoader, SIMPLESEA, DreamJob, SimplexTea, OdicLoader, BADCALL
Platforms tagged: macOS, Linux, Windows
Indicators of Compromise (45)
YARA rule 73ebb8715a33dce62f3ea8472ccbbdf4106f4be1: Rich Headers-based rule covering the IconicLoader and IconicStealer from the 3CX supply-chain incident, and also payloads from the cryptocurrency campaigns from 2022-12 (added 2023-04-21)