OSINT – North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign

Event ID: 1232
UUID: 0e887f03-5aa2-4a7b-b0f7-66208c6c657b
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white
Date: 2022-01-28
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes, 2022-08-17 17:17:09
#Attributes: 102 (11 Objects)
First recorded change: 2022-01-28 11:08:48
Last change: 2022-01-28 11:13:31
Sightings: 0 (0) – restricted to own organisation only.


Related Events

abuse.ch – MalwareBazaar malware samples for 2022-01-28 (date: 2022-01-28, count: 9)


Galaxies

Enterprise Attack – Intrusion Set
  • Lazarus Group – G0032

Threat Actor
  • Lazarus Group


Attributes (columns: Category | Object relation | Type | Value | Related events / correlation | Distribution | Sightings)

Object: report (2022-01-28)
References: none
Distribution: Inherit
External analysis | link | link | https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/ | – | Inherit | (0/0/0)
Other | summary | text | North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign | – | Inherit | (0/0/0)
Other | type | text | Blog post | – | Inherit | (0/0/0)
Object: pe-section (2022-01-28)
References: none; Referenced by: (see pe object)
Distribution: Inherit
Other | name | text | .text | Too many correlations | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 46592 (45.50 kB) | – | Inherit | (0/0/0)
Other | entropy | float | 6.4148875927601 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | f0aed239794be6230b9ab92f5ab704d5 | – | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | 27e39594216d890ab8efd47faf297662ca4c1a2b | – | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | c1c9a7786bbae2cda2fab4c8cae8d52d40b6aedab454dde6d58dd37bf6f134e0 | – | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | c1a7afa5cba92b7a6ac1cdd339db46cfaeafa6f678a0ad3b81da0a5f61cdcda042ce2dd2046a5a2aa67fbecc7d06114135e24257f6597969051305085c7b59f5 | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 768:HBaDwy8w8oX1pBEIHy3nFka0aY62QltTDbZ6L6ySIdJjGj9H3AJf3CQG8fPPdltt:QDwr3w1pyBFfEqbUUj9XAJ/CuFJ92e | – | Inherit | (0/0/0)
Object: file (2022-01-28)
References: 1
Distribution: Inherit
Payload delivery | filename | filename | 829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1 | – | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 232936 (227.48 kB) | – | Inherit | (0/0/0)
Other | entropy | float | 6.177766830583 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | 490c885dc7ba0f32c07ddfe02a04bbb9 | 4048 | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | 294690c1aee8dc7723858dafcb2a0ed273296641 | 4048 | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | 829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1 | 4048 | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | 127f014d18b926433d56bfee85b350fe36cc26a1442ef8f16cf1c9e6cce95c2f83a8609b9d29e53b7b5617739f760ba4263bd6222870fd25309a16d46000d29c | – | Inherit | (0/0/0)
Payload delivery | malware-sample | malware-sample | 829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1 (md5: 490c885dc7ba0f32c07ddfe02a04bbb9) | 4048 | Inherit | (0/0/0)
Artifacts dropped | mimetype | mime-type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 6144:frSYfjhA5JgZ9fAcb7PNblIbRGCAOJquFDue2ZmrYnp:TSYa5eZ9fAc/PBquOdchZjnp | 4048 | Inherit | (0/0/0)
Object: pe (2022-01-28)
References: 7; Referenced by: (see file object)
Distribution: Inherit
Other | type | text | dll | – | Inherit | (0/0/0)
Other | entrypoint-address | text | 6442460944 | – | Inherit | (0/0/0)
Other | compilation-timestamp | datetime | 2022-01-18T06:13:32.000000 | – | Inherit | (0/0/0)
Payload delivery | original-filename | filename | wuaueng.dll | – | Inherit | (0/0/0)
Payload delivery | internal-filename | filename | wuaueng.dll | – | Inherit | (0/0/0)
Other | file-description | text | Windows Update Agent | – | Inherit | (0/0/0)
Other | file-version | text | 4.0.1.25 | – | Inherit | (0/0/0)
Other | lang-id | text | 000004b0 | – | Inherit | (0/0/0)
Other | product-name | text | Microsoft Configuration Application | – | Inherit | (0/0/0)
Other | product-version | text | 4.0.1.25 | – | Inherit | (0/0/0)
Other | company-name | text | Microsoft Corp | – | Inherit | (0/0/0)
Other | legal-copyright | text | Copyright (C) Microsoft Corp. | – | Inherit | (0/0/0)
Other | number-sections | counter | 7 | – | Inherit | (0/0/0)
Object: pe-section (2022-01-28)
References: none; Referenced by: (see pe object)
Distribution: Inherit
Other | name | text | .reloc | Too many correlations | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 2048 (2.00 kB) | – | Inherit | (0/0/0)
Other | entropy | float | 5.4230113038396 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | 2aa0d7b076707d0010e22ea3700e2908 | – | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | cb29d6dd2e0436c534cf50b2a3a1cea870178a60 | – | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | 3a571b93f652c298c7bc1aa946ed3da514ad8340625e98dd6031f16f2398c42f | – | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | 085678dc31d9ba8b3962ba83a18e3f7a60bebd6a4f194dcf8fe4f1e1d2e1bca1d4b75a9b12503e53f6d5615560d7d77a8769fb1548cf931b04185892daeb7c69 | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 48:uo3X31nnHnnnruEP8P/vcvvf21PcPEvvXn:uYn1nnCvP8vv1PEvvXn | – | Inherit | (0/0/0)
Object: pe-section (2022-01-28)
References: none; Referenced by: (see pe object)
Distribution: Inherit
Other | name | text | .rsrc | Too many correlations | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 1536 (1.50 kB) | Too many correlations | Inherit | (0/0/0)
Other | entropy | float | 4.1795068332011 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | 6ad7e1cd7c023449d64b63c55d9e1f03 | – | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | 298de049b63f759862b6d7aab081842c95580277 | – | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | cab005c0cc2b47db9876d1241800c4c5ff1eb62b826a544f844ca98b40488259 | – | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | c65c8418fc1983ae47a849dc1ccc2578d0dba1e63249e8099b5c16206bd64661e7396a6f25306b87936c42fbf5eae15f59f55a53c057b92c9a628738a3cae711 | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 24:yiDxLCLnZW08TgUt2N7feCtg1ez35W0YwPNr1PnRuV4MPgich:yExLqnZWfTToreCe1e75Wc1RuqSS | – | Inherit | (0/0/0)
Object: pe-section (2022-01-28)
References: none; Referenced by: (see pe object)
Distribution: Inherit
Other | name | text | .gfids | – | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 512 | Too many correlations | Inherit | (0/0/0)
Other | entropy | float | 3.3224068006213 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | 77e0d0c0a0ec75ee8d0cb7aa217b54bc | – | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | 7a6dd6e45e3064a5bf868a3476eb441b26cf9fa9 | – | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | 68c518c2323a239bb752920566802e1933c4fad2b72f026f2418c4f6c4f64603 | – | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | b8a721040d6ffac3b49a36dc2387583914e07d15f252c368a38fee47e2760d5b90514320aff9817424002fe18c4c807c500b884c48ac2eb923d93df5040934f4 | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 3:7nrllrxl1lJr/iAhlt/tJ7/elnlItr/3j8/RlNhfJYiDSBloFelUn:UAgl6tEZoOSTocUn | – | Inherit | (0/0/0)
Object: pe-section (2022-01-28)
References: none; Referenced by: (see pe object)
Distribution: Inherit
Other | name | text | .pdata | Too many correlations | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 3584 (3.50 kB) | Too many correlations | Inherit | (0/0/0)
Other | entropy | float | 4.8448250072714 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | 5c3f6d30133d10d48d199e3bbff65923 | – | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | c5ae3b1dfa841405ab6c9f7a0ca3b57046af35c4 | – | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | c7a8677bf7e063ccb4509076f90b5dfd1a6c37d0e527bed5584d06fb1e5baf45 | – | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | 219eace4c63e99889915bd1168fed4c49930e2a65c9fcab793b60a564c9cda970cd594cf2f0ddf8aa6020faf395d8329398ff2cdeb45fb923d66b47194932302 | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 96:gCjNiHYZdr3KEUFwqihpB/zvEqu+W2NuTwWiQeyaQ2DamCcUliQ:gGiHYvxUw1hpBrDpWXelBcliQ | – | Inherit | (0/0/0)
Object: pe-section (2022-01-28)
References: none; Referenced by: (see pe object)
Distribution: Inherit
Other | name | text | .data | Too many correlations | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 131584 (128.50 kB) | – | Inherit | (0/0/0)
Other | entropy | float | 6.1326950169619 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | b09cf30705031f9ada3a712ada5736d5 | – | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | 16eec00e49128d6bfd7baafe462c0e5d80d15d94 | – | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | 50a28d8ef5327f37540d689f4009662ee98d59a18b1b23db1887c1d6f56cef48 | – | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | d57213ab62eb8c6c6a32bafdb7e63cc48abd1ff892b6fae902bf261650482388745f496106559f9e2c12dddecabcdc6593ccf2636a92e49ac9956f22af28117d | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 3072:KDfRKcjX7Fq8RNbujkIb6w/XWlIA9EC8aLuSsqVEGklPbuWHF2Z6bp:KfAcb7PNblIbRGCAOJquFDue2Zm | – | Inherit | (0/0/0)
Object: pe-section (2022-01-28)
References: none; Referenced by: (see pe object)
Distribution: Inherit
Other | name | text | .rdata | Too many correlations | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 36352 (35.50 kB) | – | Inherit | (0/0/0)
Other | entropy | float | 4.8217559509854 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | a32f7745a4f081d4552edf2a136e4c53 | – | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | a4234384c78c294f4f9936a5ff1483b0194a9874 | – | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | 6f8e1efdb5c256a50a99a63e8955c79eddf62d967a5914413cf00f164db21984 | – | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | 5854dc9e0929eb550f9956e4d04dbaa8bb1288c3203752466441d1a7fd7925fd37426e42fc93490f56defcab1e129dd84b975f4bf9f8093ba9ef12183328f0ee | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 768:gCcoWVQxhgWMEjLs0uR2NBdTmV9dlt7atMYBY65:gCBRgW/sWTdc9dltoYO | – | Inherit | (0/0/0)
Object: file (2022-01-28)
References: none
Distribution: Inherit
Payload delivery | filename | filename | 0160375e19e606d06f672be6e43f70fa70093d2a30031affd2929a5c446d07c1 | – | Inherit | (0/0/0)
Other | size-in-bytes | size-in-bytes | 1293824 (1.23 MB) | – | Inherit | (0/0/0)
Other | entropy | float | 6.8288845317702 | – | Inherit | (0/0/0)
Payload delivery | md5 | md5 | a27a9324d282d920e495832933d486ee | 4048 | Inherit | (0/0/0)
Payload delivery | sha1 | sha1 | 0ab8602cee94f36739b6649467ced514301e58fa | 4048 | Inherit | (0/0/0)
Payload delivery | sha256 | sha256 | 0160375e19e606d06f672be6e43f70fa70093d2a30031affd2929a5c446d07c1 | 4048 | Inherit | (0/0/0)
Payload delivery | sha512 | sha512 | 76a3ced357d5fbae7bbb0288c4ddd23e2f8f77b7256f2555b34f666ff2ff7e5a1f1b68f0f53b859c41d57d5ab44129f910e0f1c7b9a51ca079dbbfac6973a96b | – | Inherit | (0/0/0)
Payload delivery | malware-sample | malware-sample | 0160375e19e606d06f672be6e43f70fa70093d2a30031affd2929a5c446d07c1 (md5: a27a9324d282d920e495832933d486ee) | 4048 | Inherit | (0/0/0)
Artifacts dropped | mimetype | mime-type | Composite Document File V2 Document, Little Endian, O%WINDIR%\ Version 10.0, Code page: 1252, Author: Mickey, Template: Normal.dotm, Last Saved By: Challenger, Revision Number: 83, Name of Creating Application: Microsoft Office Word, Total Editing Time: 37:00, Create Time/Date: Fri Apr 24 03:18:00 2020, Last Saved Time/Date: Mon Oct 18 13:06:00 2021, Number of Pages: 1, Number of Words: 4, Number of Characters: 29, Security: 0 | – | Inherit | (0/0/0)
Payload delivery | ssdeep | ssdeep | 24576:iguUgXlNfAEIk0AKDxj4eigeIAzTQYUrX:inUg/IVGge8 | 4048 | Inherit | (0/0/0)
Attributes not belonging to an object (2022-01-28)
Network activity | – | domain | lm-career.com | – | Inherit | (0/0/0)
Network activity | – | domain | markettrendingcenter.com | – | Inherit | (0/0/0)
Payload delivery | – | sha256 | c677a79b853d3858f8c8b86ccd8c76ebbd1508cc9550f1da2d30be491625b744 | – | Inherit | (0/0/0)
Payload delivery | – | sha256 | 11b5944715da95e4a57ea54968439d955114088222fd2032d4e0282d12a58abb | – | Inherit | (0/0/0)
Payload delivery | – | sha256 | 4216f63870e2cdfe499d09fce9caa301f9546f60a69c4032cb5fb6d5ceb9af32 | 4048 | Inherit | (0/0/0)
Payload delivery | – | sha256 | 5098ec21c88e14d9039d232106560b3c87487b51b40d6fef28254c37e4865182 | – | Inherit | (0/0/0)
Payload delivery | – | sha256 | 660e60cc1fd3e155017848a1f6befc4a335825a6ae04f3416b9b148ff156d143 | – | Inherit | (0/0/0)
Payload delivery | – | sha256 | 829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1 | 4048 | Inherit | (0/0/0)
Payload delivery | – | sha256 | 9d18defe7390c59a1473f79a2407d072a3f365de9834b8d8be25f7e35a76d818 | – | Inherit | (0/0/0)
Payload delivery | – | sha256 | f14b1a91ed1ecd365088ba6de5846788f86689c6c2f2182855d5e0954d62af3b | – | Inherit | (0/0/0)