Demystifying the North Korean Threat

There’s more to the DPRK than just Lazarus Group.

Paradigm
"Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours" published by JPCERT. #AppleJeus, #DangerousPassword, #DreamJob, #Lazarus, #DPRK, #CTI https://blogs.jpcert.or.jp/en/2025/01/initial_attack_vector.html
Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours - JPCERT/CC Eyes

There have recently been reports of unau...

JPCERT/CC Eyes
"Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours" published by JPCERT. #AppleJeus, #DangerousPassword, #DreamJob, #Lazarus, #DPRK, #CTI https://blogs.jpcert.or.jp/ja/2025/01/initial_attack_vector.html
Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours - JPCERT/CC Eyes

As you may know from news reports, unauthorized access incidents in Japan that used LinkedIn as the initial infection vector...

"DangerousPassword attacks targeting developers’ Windows, macOS, and Linux environments" published by JPCERT. #DangerousPassword, #JokerSpy, #CTI, #OSINT, #LAZARUS https://blogs.jpcert.or.jp/en/2023/07/dangerouspassword_dev.html
DangerousPassword attacks targeting developers’ Windows, macOS, and Linux environments - JPCERT/CC Eyes

At the end of May 2023, JPCERT/CC confirmed an attack targeting developers of cryptocurrency exchange businesses, and it is considered to be related to the targeted attack group DangerousPassword [1], [2] (a.k.a. CryptoMimic or SnatchCrypto), which has been continuously attacking...

"DangerousPassword attacks targeting developers’ Windows, macOS, and Linux environments" published by JPCERT. #DangerousPassword, #JokerSpy, #CTI, #OSINT, #LAZARUS https://blogs.jpcert.or.jp/ja/2023/07/dangerouspassword_dev.html
DangerousPassword attacks targeting developers’ Windows, macOS, and Linux environments - JPCERT/CC Eyes

JPCERT/CC ... the targeted attack group that has been continuously carrying out attacks since June 2019...

"Attack Trends Related to DangerousPassword" published by JPCERT. #DangerousPassword, #CTI, #OSINT, #LAZARUS https://blogs.jpcert.or.jp/en/2023/05/dangerouspassword.html
Attack Trends Related to DangerousPassword - JPCERT/CC Eyes

JPCERT/CC has observed attacks on cryptocurrency exchanges believed to be related to DangerousPassword attack campaign (also known as CryptoMimic or SnatchCrypto) continuously since June 2019. For many years, attackers have been using an attack technique of infecting targets with malware...

#DangerousPassword (#Lazarus) #APT
It targets Polish-speaking people:

Lnk:
hasło.txt.lnk (password.txt.lnk)
b860a22f327bce97aa198a5e859ae20a
Decoy:
podwyżka wypłaty.pdf (pay raise.pdf)

Archive file:
1d1a1419db6e328e54d33fb2b124e334
C2:
microshare[.]cloud
one.microshare[.]cloud

#APT #Malware #Threatintel #DangerousPassword

Some more dangerous password stuff

credit: souiten

file:
Password.txt.lnk
b3a413ca95799de4a37403edc18afe34
21e9ddd5753363c9a1f36240f989d3a9

https[:]//www.capmarketreport[.]com/packageupd.msi?ccop=RoPbnVqYd
149.28.247[.]34