- Source IP: 178.128.253.67
- Country: Netherlands
- Method: POST
- URI: /tbl_add.php?action=%22BaseInfo%22&u=%22NTA0ODUzNTI2ODU2Njc1NDU3Njk1NTY2NjU1MTQ5NzA=%22
- Tag: Possible Lazarus Malware Related
- FirstSeen: 2019-07-09T18:09:42Z
- LastSeen: 2019-07-10T15:37:52Z
- count: 114
- /tbl_add.php?action="BaseInfo"&u="NTA0ODUzNTI2ODU2Njc1NDU3Njk1NTY2NjU1MTQ5NzA="
- Base64 decodes to:
- 50485352685667545769556665514970
- The only information I can find on this particular path is an IOC mentioned in a write-up of a Lazarus (APT group) malware tool that used it to send messages to the C2 server:
- https://medium.com/@quoscient/new-evidence-might-link-lazarus-tool-found-in-chile-redbanc-intrusion-to-previous-attacks-in-764f757a12ef
- https://www.flashpoint-intel.com/blog/disclosure-chilean-redbanc-intrusion-lazarus-ties/
- @bad_packets
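
The decode above, as an added example that is not part of the original paste: it matches a logged request URI against the `/tbl_add.php` / `BaseInfo` pattern, percent-decodes and unquotes the `u` parameter, and base64-decodes it. The function names, the two constructed sample URIs, and the reading of the decoded digits as two-digit decimal character codes are assumptions of this example.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, unquote

IOC_PATH = "/tbl_add.php"   # path from the paste
IOC_ACTION = "BaseInfo"     # action value from the paste

def query_params(query):
    """Percent-decode each pair and drop the surrounding double quotes.
    unquote (not unquote_plus) keeps a literal '+' intact for base64."""
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")  # split on the first '=' only
        params.setdefault(unquote(key), unquote(value).strip('"'))
    return params

def decode_u(uri):
    """Return the decoded `u` value when the URI matches the pattern, else None."""
    parts = urlsplit(uri)
    params = query_params(parts.query)
    if parts.path != IOC_PATH or params.get("action") != IOC_ACTION:
        return None
    try:
        raw = base64.b64decode(params.get("u", ""), validate=True)
        return raw.decode("ascii") or None
    except (binascii.Error, UnicodeDecodeError):
        return None  # path matches but u is not clean base64

def digits_as_ascii(digits):
    """Assumption of this example: read digit pairs as decimal character codes."""
    if not re.fullmatch(r"(?:[0-9]{2})+", digits):
        return None
    text = "".join(chr(int(digits[i:i + 2])) for i in range(0, len(digits), 2))
    return text if text.isalnum() else None

SAMPLE_URIS = [
    # URI as logged in the paste
    "/tbl_add.php?action=%22BaseInfo%22&u=%22NTA0ODUzNTI2ODU2Njc1NDU3Njk1NTY2NjU1MTQ5NzA=%22",
    "/tbl_add.php?action=%22BaseInfo%22&u=%22not-base64%22",  # constructed
    "/index.php?action=view",                                  # constructed
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        decoded = decode_u(uri)
        if decoded is not None:
            print(uri, "->", decoded, "->", digits_as_ascii(decoded))
```

What the resulting 16-character string represents is not stated in the paste.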