Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
2023-09-29 • ESET

The name Operation DreamJob was coined in a blogpost by ClearSky from August 2020, describing a Lazarus campaign targeting defense and aerospace companies with the objective of cyberespionage. Lazarus operators obtained initial access to the company's network last year after a successful spearphishing campaign, masquerading as a recruiter for Meta, the company behind Facebook, Instagram, and WhatsApp. Aerospace companies are not an unusual target for North Korea-aligned advanced persistent threat (APT) groups.

- We observed new variants of payloads that were previously identified in the Dutch case from last year, such as intermediate loaders and the BlindingCan backdoor linked with Lazarus.
Indicators of Compromise