Pulse name: Analysis of attack samples from the suspected Lazarus (APT-Q-1) npm package supply-chain attack
WHITE hiroki 2024-06-25 Modified: 2024-07-25
Indicators of Compromise (27)