Hidden Cobra Operations
US-CERT-attributed North Korean (DPRK) operations, including the Joanap backdoor and Brambul SMB worm campaigns.
Start date: 1 January 2018
End date: —
Techniques: 20
Indicators of compromise: 164 (93 IP, 45 MD5, 13 SHA1, 13 SHA256)
Attributed actors
Techniques (20)
command-and-control (3)
T1573.001 Symmetric Cryptography
T1105 Ingress Tool Transfer
T1071.001 Web Protocols

credential-access (1)
T1003.001 LSASS Memory

defense-impairment (1)
T1070.001 Clear Windows Event Logs

discovery (2)
T1082 System Information Discovery
T1083 File and Directory Discovery

execution (3)
T1059.003 Windows Command Shell
T1059.001 PowerShell
T1053.005 Scheduled Task

exfiltration (1)
T1041 Exfiltration Over C2 Channel

impact (1)
T1485 Data Destruction

initial-access (2)
T1078 Valid Accounts
T1566.001 Spearphishing Attachment

lateral-movement (2)
T1021.001 Remote Desktop Protocol
T1021.002 SMB/Windows Admin Shares

persistence (4)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1543.003 Windows Service
T1053.005 Scheduled Task

privilege-escalation (5)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1055 Process Injection
T1543.003 Windows Service
T1053.005 Scheduled Task

stealth (3)
T1078 Valid Accounts
T1055 Process Injection
T1027 Obfuscated Files or Information
Indicators of compromise (164)
SHA1 (13), all confirmed
IP (93), all confirmed
MD5 (45), all confirmed
SHA256 (13), all confirmed