Pulse: Exposing Attack Operations Utilizing PyPI Against Windows, Linux and macOS Platforms
TLP: WHITE | Adversary: APT-C-26 (Lazarus) | Author: AlienVault | Created: 2024-07-08 | Modified: 2024-08-07 | Indicators of Compromise: 75
The report details the APT-C-26 (Lazarus) group's recent attack campaign utilizing malicious Python packages hosted on the PyPI repository to deliver payloads targeting multiple platforms including Windows, Linux, and macOS. It analyzes the attack flow, delivery methods, and malware components involved, providing insights into the group's tactics and capabilities spanning various operating systems. The report also attributes the activity to the Lazarus group based on evidence linking it to their previous attack patterns and infrastructure.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed in this pulse
Malware families: Comebacker
Indicators of Compromise (75)
TYPE INDICATOR CREATED (no descriptions are given for any indicator)
FileHash-MD5 05957d98a75c04597649295dc846682d 2024-07-08
FileHash-MD5 10f190b9bbb875d3b2582ae9229da634 2024-07-08
FileHash-MD5 11c0ce888a5aedf82c509c4dca1b5b00 2024-07-08
FileHash-MD5 133b1621d76bd7f1f4c814f53cd501bc 2024-07-08
FileHash-MD5 1352f2621107e503cddde3bcc0d53d52 2024-07-08
FileHash-MD5 15a5fc35905624174077afcc1eaaa4ea 2024-07-08
FileHash-MD5 1f76eb089ef9f9cbf6840eb5231b2e75 2024-07-08
FileHash-MD5 267ef172f81bb8577e5371fbf20f7306 2024-07-08
FileHash-MD5 330fff5b3c54a03fd59a64981e96814d 2024-07-08
FileHash-MD5 33c9a47debdb07824c6c51e13740bdfe 2024-07-08
FileHash-MD5 3fcb2ccdc883d8f2d1a3761c1dc5cb3e 2024-07-08
FileHash-MD5 420f6e424b1b4a5b9d817c73f9eafa84 2024-07-08
FileHash-MD5 46127a35b73b714a9c5c58aaa43cb51f 2024-07-08
FileHash-MD5 494f2cc788afc585b4a5bd39ecb6dcca 2024-07-08
FileHash-MD5 4b3462420d5b05c78cfefec0e233b4ef 2024-07-08
FileHash-MD5 5a25375f2b23680690fe82c99cf3d314 2024-07-08
FileHash-MD5 67d112a63fd9c9c9ebb022675e794322 2024-07-08
FileHash-MD5 716f20a45816101a1dc58a02f776ea24 2024-07-08
FileHash-MD5 73850470a358c79b0a67eb809491dfdb 2024-07-08
FileHash-MD5 744187fb884a7650f4981d0d28ffdfd4 2024-07-08
FileHash-MD5 79a022c9b41cab5900a46c4b59c02954 2024-07-08
FileHash-MD5 7f30ca2454e02be1d5e71b3682b04ea5 2024-07-08
FileHash-MD5 864cbadfcc4a6d3554c032e7eb30d03f 2024-07-08
FileHash-MD5 8c351d35369a63d6c4a1478428a593d7 2024-07-08
FileHash-MD5 8c9094137a1624abb0f94d5fb3143d1e 2024-07-08
FileHash-MD5 8eca54af4e9e013acff7b2f18ac6ccff 2024-07-08
FileHash-MD5 a6e7c231a699d4efe85080ce5fb36dfb 2024-07-08
FileHash-MD5 b62c912de846e743effdf7e5654a7605 2024-07-08
FileHash-MD5 cd980f9f4de27f712f69ad31f8cc13a9 2024-07-08
FileHash-MD5 e88528ac23092ba628523654cad8abc4 2024-07-08
FileHash-MD5 f2013e689dad863e02bfda9481f37085 2024-07-08
FileHash-MD5 f50c83a4147b86cdb20cc1fbae458865 2024-07-08
FileHash-SHA1 0ad73f5d07490c7928aaeffa9bb98db25aa5b779 2024-07-08
FileHash-SHA1 1506d56030c8ea163cebc0c5c1ed0a9c767e4ebe 2024-07-08
FileHash-SHA1 23bfe4c29c05c8d161ec3f63186337cb12a2382b 2024-07-08
FileHash-SHA1 2fec035370124bc081185f16273f866242cfccca 2024-07-08
FileHash-SHA1 3704be197a444ce9912032183a4a64254c2854d0 2024-07-08
FileHash-SHA1 461e4e6e8240cc43f4c19dc3dbb365575e06e259 2024-07-08
FileHash-SHA1 550bdf367fba63a81276465a65dcb64280240dda 2024-07-08
FileHash-SHA1 5666f4c02198bb68c32119dbbd49dce6edd0d735 2024-07-08
FileHash-SHA1 5ca15530c5558c479c4640267d49075947257f2e 2024-07-08
FileHash-SHA1 779ef76c82909b7f3b9c20de16021708589d443c 2024-07-08
FileHash-SHA1 7b6e6487b803bbe85d7466b89da51a269fa4fc29 2024-07-08
FileHash-SHA1 9bf30dec21ac9bf56ae5b19030bc628e043ef13f 2024-07-08
FileHash-SHA1 dd4f63ede64bbd8a2cfa8771ac678c5558fe936d 2024-07-08
FileHash-SHA1 e2e7e6fc9287fe3dd8314527135eae8acccba69b 2024-07-08
FileHash-SHA1 eb6b008bbcc402ef9020c0e44060e422d30a3eb9 2024-07-08
FileHash-SHA1 f0258bc860fcce034d58a682a494046f1eda8acb 2024-07-08
FileHash-SHA1 ff3130c486adbd9f969d14180ce3f8b485cdc682 2024-07-08
FileHash-SHA256 01c5836655c6a4212676c78ec96c0ac6b778a411e61a2da1f545eba8f784e980 2024-07-08
FileHash-SHA256 173e6bc33efc7a03da06bf5f8686a89bbed54b6fc8a4263035b7950ed3886179 2024-07-08
FileHash-SHA256 17d3593519f6a016879093bfb7cc63070646951191e28c1dfad52942099f59cc 2024-07-08
FileHash-SHA256 1a9cea5e43cfe6377b20f09becf8547deba702718d1ee220ef677f53f30e820d 2024-07-08
FileHash-SHA256 26437bc68133c2ca09bb56bc011dd1b713f8ee40a2acc2488b102dd037641c6e 2024-07-08
FileHash-SHA256 2c8f00824ca2b4ddb4e2e910ee042ba46a570984d1bc094f0014655d883b8519 2024-07-08
FileHash-SHA256 3ab6e6fc888e4df602eff1c5bc24f3e976215d1e4a58f963834e5b225a3821f5 2024-07-08
FileHash-SHA256 60c080a29f58cf861f5e7c7fc5e5bddc7e63dd1db0badc06729d91f65957e9ce 2024-07-08
FileHash-SHA256 6bba8f488c23a0e0f753ac21cd83ddeac5c4d14b70d4426d7cdeebdf813a1094 2024-07-08
FileHash-SHA256 70c5b64589277ace59db86d19d846a9236214b48aacabbaf880f2b6355ab5260 2024-07-08
FileHash-SHA256 8fb6d8a5013bd3a36c605031e86fd1f6bb7c3fdba722e58ee2f4769a820b86b0 2024-07-08
FileHash-SHA256 956d2ed558e3c6e447e3d4424d6b14e81f74b63762238e84069f9a7610aa2531 2024-07-08
FileHash-SHA256 973f7939ea03fd2c9663dafc21bb968f56ed1b9a56b0284acf73c3ee141c053c 2024-07-08
FileHash-SHA256 b4a04b450bb7cae5ea578e79ae9d0f203711c18c3f3a6de9900d2bdfaa4e7f67 2024-07-08
FileHash-SHA256 b4c8c149005a43ae043038d4d62631dc1a0f57514c7cbf4f7726add7ec67981a 2024-07-08
FileHash-SHA256 c56c94e21913b2df4be293001da84c3bb20badf823ccf5b6a396f5f49df5efff 2024-07-08
FileHash-SHA256 e9d478dca6ce1b642abfdb94af21f0d567594479a14d3780e148400649591fcf 2024-07-08
URL http://91.206.178.125/upload/upload.asp 2024-07-08
URL http://91.206.178.125:80 2024-07-08
domain angeldonationblog.com 2024-07-08
domain arcashop.org 2024-07-08
domain blockchain-newtech.com 2024-07-08
domain chaingrown.com 2024-07-08
domain fasttet.com 2024-07-08
domain jdkgradle.com 2024-07-08
domain pypi.online 2024-07-08