Analysis of THREATNEEDLE C&C Communication (feat. Google TAG Warning to Researchers)

2021-01-27 S2W

https://medium.com/s2wlab/analysis-of-threatneedle-c-c-communication-feat-google-tag-warning-to-researchers-782aa51cf74

The malware mentioned in the report “North Korean hackers have targeted security researchers via social media”, published by the Google Threat Analysis Group (TAG), is assessed to be ThreatNeedle, a malware family named by Kaspersky. Its C2 communication also shares characteristics with Operation MalBus. We already presented a deep analysis of ThreatNeedle's C2 communication at DCC 2019 and in a Kaspersky SAS 2019 Lightning Talk. ThreatNeedle is already known to have been used by the Lazarus group alongside Manuscrypt in the past.

Indicators of Compromise

Type   Value                                First Seen   Last Seen
HASH   07375a711dda055cfb8777d31aff9cf…     2021-01-27   2021-01-27
HASH   011cc019872f75c30cfa1d41201fc23…     2021-01-27   2021-01-27
HASH   3fd610f69ef1808431b090c40a06562…     2021-01-27   2021-01-27
HASH   46196370d2cd24b19bd1272a9c3632e…     2021-01-27   2021-01-27
HASH   9f5e407601032063e1f1d263e9a2b11…     2021-01-27   2021-01-27
HASH   e0a62ba2c58b1a8e9484f1c4452aaaf…     2021-01-27   2021-01-27
HASH   1a327cced0b0c0bf99146f276fb7a93…     2021-01-27   2021-01-27
HASH   cd4658151e41749ec71fe64d9e88b35…     2021-01-27   2021-01-27
