Since the hacking of Sony Pictures

2018-11-01 Ahnlab

https://www.virusbulletin.com/virusbulletin/2018/11/vb2018-paper-hacking-sony-pictures/


Virus Bulletin analyzes Lazarus-linked activity after Sony Pictures, connecting the 2014 destructive intrusion to earlier Korean bank and media attacks through shared malware code and tool features. The paper describes continued targeted attacks on Korean companies and institutions, including a Seoul ADEX 2015 zero-day, compromises of ICT and web-hosting providers, suspected cryptocurrency-exchange activity, and 2017 cryptocurrency and casino incidents. It distinguishes Bluenoroff as focused on financial institutions and cryptocurrency exchanges and Andariel as South Korea-focused, including military and defense data theft and later financial-sector operations. The excerpt also notes, as recurring technical artifacts, Escad backdoors with C2 IP addresses stored in the clear, XOR 0xA7 string encryption, unusual dotted cmd.exe API strings, and fake SSL code.

Indicators of Compromise

