Since the hacking of Sony Pictures

2018-11-01, Ahnlab
https://www.virusbulletin.com/virusbulletin/2018/11/vb2018-paper-hacking-sony-pictures/
#Blockbuster #MysteryDot #RedDot #CoinRush #BigPond #Slides

Contents

AhnLab, South Korea
Copyright © 2018 Virus Bulletin
Abstract
Overview
Sony Pictures hack
Characteristics of malware
Operation Mystery Dot (2011–2014)
Dropper (2011)
Redobot (KorDllbot)
Early version of Escad (2014)
Operation Red Dot (2014–2015)
Changes in malware
Operation Big Pond (2015–2017)
Operation Coin Rush (2017–2018)
Suspicious activities
Navepry
Lazarus connections
Conclusion
References
The Sony Pictures hack occurred in 2014, and the news that the company's internal data had been destroyed and its confidential data leaked was reported worldwide. When Korean malware researchers first heard about the attack, they recalled the attacks against Korean banks and media companies between 2011 and 2013, but they did not anticipate a connection with this attack. When more information on the malware was released, it came as quite a surprise to find that it contained code similar to malware that had already been found in Korea.
The Lazarus Group, which includes Red Dot and Labyrinth Chollima, became well known to the press and the security community outside of Korea because of the Sony Pictures hack. Malicious …

IoC

0092f2d519739f8978cb940af0d7cca6
02b5964f93bcd22c4f6cedd64c3b3de3
0a93ccec3824569f7bc55c520de4fc4f
0fe856d398c877ba0cb7019e983b5c84
11e9adc037b0409d0512504f348c2ffa064b418651c104f9ddddd8a12448bd06
1c67fb74d778c3ce15ac4890276f892f
218ee208323dc38ebc7f63dba73fac5541b53d7ce1858131fa3bfd434003091d
250115ddbbc54207825855b60049f75f
258beb2a8d7df3c55cff946a36677350dcf9317aa426d343a67e616ca7540a52
310f5b1bd7fb305023c955e55064e828
33e99f86d1c94c2798ee1ded42d513824cbd487994691369b1b9b781ebda3947
37be47f8df3c94d365d693855d1af5ac8b94eedd1b3b3122586a6d48611230bb
3e221003d89b629f3d9a9a75e5af90bf3d8d8c245e0b50ca4a34641ded4a44a2
49ace8a624dd22f3110f041a324d1646
4c2efe2f1253b94f16a1cab032f36c7883e4f6c8d9fc17d0ee553b5afb16330c
4ef025dd920c952595b5107ba5eaf89e3caedd2ae860754159c746d1c74743ab
5831e614d79f3259fd48cfd5cd3c7e8e2c00491107d2c7d327970945afcb577d
58b7cd75f61f6e8d3f270582a06808ce7ea77792537a102c36daf68260b43bfc
5df43b35c806c0a47ce379feaf715ee7
62439a4a5eb9c6b2c6559928481b3f2bad5c753c297b2f55e2642751a10ca654
6467c6df4ba4526c7f7a7bc950bd47eb
65da2d2c6726c05fc863c81a2b114c2a
660b607e74c41b032a63e3af8f32e9f5
6a9919037dd2111300e62493e3c8074901ec98232e5d9fc47ca2f93ca8ba4dc2
7807568335687dd7f707cadd7a7c8e7d79082f15c07d263230ed90bf601bfcc6
794b5e8e98e3f0c436515d37212621486f23b57a2c945c189594c5bf88821228
82e195bc7302e8b64aedf48af889a376
8c2b014f0ad27a3a325f15c916cdc9f5963ad4276e9fc928817387c0e5dc62bd
964bf53c43c9168a3fa6dc6392cb3332
a5220e91d8daca4a6a6a75151efb8339
ae44cb4b42debf7507313cfa56f1158d
b039383a19e3da74a5a631dfe4e505020a5c5799578187e4ccc016c22872b246
b6d540571b2cb58057631a108ecef2bba56251530565f380044f8359f7abaf40
b79faac94bde8481aea8ebd97fb506bdc6964105853b9a9f8523d7aad699e649
b7f2595dd62d1174ce6e5ddf43bf2b42f7001c7a4ec3c4cbe3359e30c674ed83
bce2cf667396b79f6df3475dc2b1d63a
bf711a9967824bfe06d061af2c3edf077151e78a4fbc2c094065f3b0861afd05
c44a91c69d8275e4173893499beb9315
c5be570095471bef850282c5aaf9772f5baa23c633fe8612df41f6d1ebe4b565
ce0e43c2b9cb130cd36f1bc5897db2960d310c6e3382e81abfa9a3f2e3b781d7
cffb5d8fc73d9e7cc5860bd6f3177b1c
d1aaf2f58def16caac1c8d3cb46df9f4
d306065bab5b742f669bb1efcebaed3a
d36f79df9a289d01cbb89852b2612fd22273d65b3579410df8b5259b49808a39
e904bf93403c0fb08b9683a9e858c73e
ecddd99fe084e01213edefb4dbc1d683d8ad88d832de34279615b231bce022b5
eff542ac8e37db48821cb4e5a7d95c044fff27557763de3a891b40ebeb52cc55
fa6ee9e969df5ca4524daa77c172a1a7
fa73530df2d2cec5e591a9d666fccfa2