Recruitment Traps Targeting Blockchain Practitioners: Analysis of a Suspected Lazarus (APT-Q-1) Data-Theft Operation

Qianxin, 2024-05-10

https://mp.weixin.qq.com/s/84lUaNSGo4lhQlpnCVUHfQ


Qianxin tied a suspected Lazarus (APT-Q-1) campaign against blockchain developers to the Contagious Interview activity pattern previously reported by Unit 42. The attackers created fake employer, developer, or startup-founder personas on LinkedIn, Upwork, Braintrust, and code-hosting platforms, then persuaded targets to run supplied project code as a coding test or bug-fix task. The ZIP-delivered projects contained malicious JavaScript that collected browser passwords, keychain data, and cryptocurrency wallet extension data on Windows, Linux, and macOS, then sent the stolen data to C2 infrastructure such as 147.124.214.237:1244. Follow-on Python components downloaded further payloads from endpoints including /clients/, /payload/, and /brow/; their behavior matches BeaverTail and InvisibleFerret, and the C2 infrastructure overlaps with earlier Contagious Interview samples. The report rates the Lazarus attribution as probable, based on the infrastructure overlap, the phishing tradecraft, and the group's long-running focus on cryptocurrency and blockchain targets.

Indicators of Compromise

Type Value First Seen Last Seen
IPv4 147.124.214.129 2024-05-10 2026-02-03
IPv4 147.124.214.237 2024-05-10 2026-01-21
IPv4 147.124.214.131 2024-04-25 2026-01-21
IPv4 147.124.212.146 2024-05-10 2025-11-13
IPv4 67.203.7.171 2024-05-10 2025-11-13
IPv4 147.124.212.89 2023-12-12 2025-11-13
IPv4 173.211.106.101 2024-04-25 2025-07-26
IPv4 45.61.131.218 2024-05-10 2025-02-20
IPv4 91.92.120.135 2024-05-10 2024-10-23
IPv4 67.203.7.245 2024-05-10 2024-10-23
IPv4 172.86.97.80 2024-05-10 2024-10-23
IPv4 147.124.213.29 2024-05-10 2024-10-23
IPv4 147.124.213.11 2024-05-10 2024-10-23
IPv4 172.86.123.35 2023-11-21 2024-10-23
HASH 78f972104c48c25b6f5e7d3ffc2b4e1a 2024-05-10 2024-05-10
HASH c1c1c5b2a76a3d463cb4f7c22c88bbe5 2024-05-10 2024-05-10
HASH 7859ef9ca6f7fa800a058d3586164672 2024-05-10 2024-05-10
HASH aad9dcd3a2045dafea47eef776ec5b8a 2024-05-10 2024-05-10
HASH eb0ba3a1623e95e57fb5a2aedb97d45f 2024-05-10 2024-05-10
HASH dbda4a6e6741fa3d7819c3c88ed22e88 2024-05-10 2024-05-10
HASH a6fad33175e33ab7306e879f4f022662 2024-05-10 2024-05-10
HASH d7783ba8476f1a2f0831f32abf9c3e69 2024-05-10 2024-05-10
HASH 95362a0f440990992cc9ad04e6675e77 2024-05-10 2024-05-10
HASH 1ca6bcea09b3b9b3cb338faf8161b7e8 2024-05-10 2024-05-10
HASH c753611ab87bd41cdf4ff9b140440fe2 2024-05-10 2024-05-10
HASH 93b7dbf5980de29cf7fb9a610229bb5a 2024-05-10 2024-05-10
HASH ca294d9ccb1e41dd8592cec7158590cb 2024-05-10 2024-05-10
HASH 1822bea1d0ec9ae1db9c265386699102 2024-05-10 2024-05-10
HASH 5cb77e93ebe96f22741285592cd35100 2024-05-10 2024-05-10
HASH fa174cdd22080f11e13844c1e3326cd2 2024-05-10 2024-05-10
HASH 97868b884fc9d01c0cb1f3fa4d80b09f 2024-05-10 2024-05-10
HASH 560a2438bea7a7421b92f66b4d7c756b 2024-05-10 2024-05-10
HASH 1948c99104e09ecaa0f4cb3fdac276d5 2024-05-10 2024-05-10
HASH 2a16962b336cc5296bb4e4230a5e5404 2024-05-10 2024-05-10
HASH 1e20dfc8145abced35dd934d5136e5dd 2024-05-10 2024-05-10
HASH d3a85f6ccf117fb1cdb506094edddd22 2024-05-10 2024-05-10
HASH 110a7556e2ebcca7255be1c6ee999b94 2024-05-10 2024-05-10
HASH ac55b61572eb8424192316c0970ccb54 2024-05-10 2024-05-10
HASH 53ec27df858d3d133808ec338df29fc6 2024-05-10 2024-05-10
HASH 67cee5b180370eb03d9606f481e48f36 2024-05-10 2024-05-10
HASH 04e5082bdeebfbbc2aef66b17e64e2f7 2024-05-10 2024-05-10
HASH d6c5c1d4510d0fccad5e0bc1de3cf80e 2024-05-10 2024-05-10
HASH 46b2cfef633e6e531928a9c606b40b16 2024-05-10 2024-05-10
HASH 647d26e94b9be5a1237a59d0b2b38442 2024-05-10 2024-05-10
HASH a07cd2703361ad566c5857a4e8e1652a 2024-05-10 2024-05-10
HASH e8fcc05c328b612918b3384638873a6d 2024-05-10 2024-05-10
HASH 51494dc0c88cc2d8733dd82c2e63e0d6 2024-05-10 2024-05-10
HASH 6e5a8473832d376165906a99395ec1bd 2024-05-10 2024-05-10
HASH c2d7a7460bb15b3a9c082f6d88ee0b84 2024-05-10 2024-05-10
HASH 2ed1b50ed4ca84c0fdde84a585fac536 2024-05-10 2024-05-10
HASH 58db0d021b75eb2a581c7773844703b5 2024-05-10 2024-05-10
HASH 7a5a694ac7d4068f580be624ece44f4f 2024-05-10 2024-05-10
HASH c4c62c35ac06ffa843d2f84af089c94c 2024-05-10 2024-05-10
HASH 37f4c3fb5925f0e39b2c9e7e5eb4450d 2024-05-10 2024-05-10
HASH 8e13d8b8d0c965b95408a2efdde32847 2024-05-10 2024-05-10
HASH f1b78698b108fbf5bfcbb6d7f3bbad76 2024-05-10 2024-05-10
HASH ebe250b7ca9122231f1d114b12d27821 2024-05-10 2024-05-10
HASH 31725dc195bb09fc32a842a554cc931b 2024-05-10 2024-05-10
HASH 3b5501885ba5283ec08101bc4cb9d613 2024-05-10 2024-05-10
HASH 4120ce03d7d662d5ddf10e4565495055 2024-05-10 2024-05-10
HASH ce00e20489f75fde53992bc69abe7b62 2024-05-10 2024-05-10
HASH 979bb789ecd5a3881ad3d4823ca8fdc1 2024-05-10 2024-05-10
HASH 31922228868dc24dfe9b067d2b3c6d18 2024-05-10 2024-05-10
HASH b73ba1327abb95eba44a233d9d502c79 2024-05-10 2024-05-10
HASH 093ea7c80ab1a192a91f4132078c02b1 2024-05-10 2024-05-10
HASH 7624fc8b47cb58444ff0176edd7f15cb 2024-05-10 2024-05-10
HASH 804ac0a47f7bb78afa666358325629bc 2024-05-10 2024-05-10
HASH 6ca874b098ba768ad5814bef9cf409fa 2024-05-10 2024-05-10
HASH 907f39788d1d1439eed333091fd16730 2024-05-10 2024-05-10
HASH e6d09c7ad340d10109e6781bfb05a319 2024-05-10 2024-05-10
HASH 48fc7c946c34771b82a5e49a93d405a6 2024-05-10 2024-05-10
HASH 5e5f51a859b170151714df1c5b648e31 2024-05-10 2024-05-10
HASH 355b1bedeb19b546800de5ecc7933849 2024-05-10 2024-05-10
HASH 1a7581f412ff361d82091eb5f07c27a8 2024-05-10 2024-05-10
HASH 67d5c6db5cc292e00fdcfeb11fda9e0e 2024-05-10 2024-05-10
HASH 770ce85b7d4658812562be93e7a5ea52 2024-05-10 2024-05-10
HASH 0f229f0929c081cab93f8276e29fe11b 2024-05-10 2024-05-10
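As an added defender-side example (not part of the Qianxin report or of this page), the script below shows how the IoC table above can be put to work: it parses a subset of the table (the IPs, port, download paths and 32-hex-character hashes are the page's own values), matches destination IPs and the 1244 port against proxy log lines, flags the /clients/, /payload/ and /brow/ download paths as weak indicators when they appear on hosts not in the list, and checks file hashes against the listed values. The proxy log format, the severity levels and the sample log lines are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Subset of the report's IoC table, copied from the page (Type Value First Seen Last Seen).
IOC_TABLE = """\
Type Value First Seen Last Seen
IPv4 147.124.214.129 2024-05-10 2026-02-03
IPv4 147.124.214.237 2024-05-10 2026-01-21
IPv4 67.203.7.171 2024-05-10 2025-11-13
HASH 78f972104c48c25b6f5e7d3ffc2b4e1a 2024-05-10 2024-05-10
HASH c1c1c5b2a76a3d463cb4f7c22c88bbe5 2024-05-10 2024-05-10
"""

# Download paths named in the report. On their own they are weak indicators:
# the names are generic, so a path-only match is rated low and left for triage.
SUSPECT_PATHS = ("/clients/", "/payload/", "/brow/")
C2_PORT = 1244  # port reported together with 147.124.214.237


def parse_ioc_table(text):
    """Turn the space-separated table into {type: set(values)}; hashes are lower-cased."""
    iocs = {"IPv4": set(), "HASH": set()}
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) != 4:
            continue
        ioc_type, value = parts[0], parts[1].lower()
        if ioc_type in iocs:
            iocs[ioc_type].add(value)
    return iocs


@dataclass(frozen=True)
class Hit:
    line_no: int
    severity: str
    reason: str


# Assumed proxy log line format (constructed for this example):
# "<timestamp> <src_ip> -> <dst_ip>:<port> <METHOD> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<method>[A-Z]+) (?P<path>\S+)"
)


def scan_proxy_log(lines, iocs):
    """Return one Hit per log line that touches a listed C2 IP or a reported download path."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue                               # unparseable line: skip, do not crash
        dst, port, path = m["dst"], int(m["port"]), m["path"]
        if dst in iocs["IPv4"]:
            # A listed IP on the reported port is the strongest signal in the table.
            severity = "high" if port == C2_PORT else "medium"
            hits.append(Hit(n, severity, f"destination {dst}:{port} is a listed C2 IP"))
        elif any(path.startswith(p) for p in SUSPECT_PATHS):
            hits.append(Hit(n, "low", f"path {path} matches a reported download endpoint on an unlisted host"))
    return hits


def check_file_hashes(md5_by_path, iocs):
    """Return the subset of {path: hash} whose hash is in the IoC list (case-insensitive)."""
    return {p: h for p, h in md5_by_path.items() if h.lower() in iocs["HASH"]}


# Constructed sample log: internal hosts (10.0.0.x) and RFC 5737 documentation addresses.
SAMPLE_LOG = [
    "2024-05-11T09:12:03Z 10.0.0.15 -> 147.124.214.237:1244 POST /clients/1",
    "2024-05-11T09:12:07Z 10.0.0.15 -> 147.124.214.129:443 GET /",
    "2024-05-11T09:13:00Z 10.0.0.22 -> 203.0.113.9:443 GET /brow/5",
    "2024-05-11T09:14:10Z 10.0.0.15 -> 203.0.113.20:443 GET /index.html",
]

if __name__ == "__main__":
    iocs = parse_ioc_table(IOC_TABLE)
    for hit in scan_proxy_log(SAMPLE_LOG, iocs):
        print(f"line {hit.line_no} [{hit.severity}] {hit.reason}")
    print(check_file_hashes({"setup.js": "78F972104C48C25B6F5E7D3FFC2B4E1A"}, iocs))
```

The severity split reflects how the table should be read: an IP match is meaningful because the report ties those addresses to the campaign's C2, while the download paths are only worth a low-priority alert unless they coincide with a listed host, which the script handles by checking the IP first. The hash check is case-insensitive because different tools report hex digests in different cases.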
