BLINDINGCAN
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 27/10/2020 19:45
- Modified
- 27/03/2026 01:02
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 53 attack patterns (mitre), 2 intrusion sets (apt), 8 sectors, 6 countries, 45 indicators, 1 vulnerabilities (cve), 1 reports
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (53)
Intrusion sets (APT) (2)
-
The MITRE Corporation Confidence 100
[Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber…
First seen 01/01/1970 · Last seen 16/11/5138 · -
Lazarus usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (8)
-
Defense targets
-
Road transport targets
-
Universities targets
-
Government targets
-
Media targets
-
Air transport targets
-
Political parties targets
-
Technology targets
Countries (6)
-
Taiwan targets
-
Belgium targets
-
Hong Kong targets
-
Cyprus targets
-
United States of America targets
-
Netherlands targets
Indicators (45)
-
stix 100/100 Revoked
SLF:SCPT:OffRelAttachedTemplateHttp.A SHA256 of 880b263b4fd5de0ae6224189ea611023
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100 Revoked
SLF:SCPT:OffRelAttachedTemplateHttp.A SHA256 of e7aa0237fc3db67a96ebd877806a2c88
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100 Revoked
CoreDn SHA256 of 265f407a157ab0ed017dd18cae0352ae
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100 Revoked
LZMA SHA256 of 8840f6d2175683c7ed8ac2333c78451a
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100
Other:Malware-gen\ [Trj] SHA256 of 65df11dea0c1d0f0304b376787e65ccb
· Valid until 01/09/2026 · Source: AlienVault -
stix 100/100 Revoked· Valid until 20/11/2022 · Source: AlienVault
-
stix 100/100 Revoked
TEL:Trojan:Win32/MeterLoad SHA256 of 92657b98c2b4ee4e8fa1b83921003c74
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 2efbe6901fc3f479bc32aaf13ce8cf12
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100 Revoked
SLF:SCPT:OffRelAttachedTemplateHttp.A SHA256 of 9ea365c1714eb500e5f4a749a3ed0fe7
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 7af59d16cfd0802144795ca496e8111c SHA256 of 7af59d16cfd0802144795ca496e8111c
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of b3a8c88297daecdb9b0ac54a3c107797
· Valid until 15/07/2024 · Source: AlienVault -
stix 100/100 Revoked
Doc.Dropper.Agent-6960083-0 SHA256 of 7a73a2261e20bdb8d24a4fb252801db7
· Valid until 15/07/2024 · Source: AlienVault
Vulnerabilities (CVE) (1)
Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.
- Published
- 31/03/2022
- Modified
- 29/05/2026
Reports (1)
-
Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools