New Malicious PyPI Packages used by Lazarus [Thursday, February 29, 2024]

Description :
JPCERT/CC confirmed that the Lazarus group uploaded malicious Python packages to PyPI, the official Python package repository. The packages pycryptoenv, pycryptoconf, quasarlib and swapmempool contain malware. The names pycryptoenv and pycryptoconf are typosquats: they are chosen to catch users who mistype the name of a legitimate package when running pip install. The malware is Comebacker. The package decodes an embedded DLL and executes it; the DLL sends HTTP requests to the C2 servers, receives executable files from them and runs those. The packages were downloaded between 300 and 1,200 times, which shows that Lazarus relies on installation typos to get its payload onto developer machines.
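The indicators below are package names and file hashes, so the practical response is to hunt for them in requirements files and in installed environments. The following script is an added example written for this page, not code from JPCERT/CC or Securitricks. It flags the listed package names in requirements.txt-style text (after PEP 503 name normalisation, so PyCryptoConf and pycryptoconf match the same entry), and walks a directory tree such as a site-packages directory or pip cache, hashing every file with SHA-256 and reporting matches against the hash list as well as directories named after the listed packages. build_sample_tree() creates a constructed placeholder tree for demonstration; its file contents are a harmless comment, not the real package contents, so the real hashes will not match it.

```python
"""Hunt for the PyPI package names and SHA-256 hashes from the indicator list.

Added example for this page; not code from JPCERT/CC or Securitricks.
"""
import hashlib
import os
import re
import tempfile

# Package names from the indicator list on this page.
IOC_PACKAGE_NAMES = {"pycryptoenv", "pycryptoconf", "quasarlib", "swapmempool"}

# SHA-256 hashes from the indicator list on this page.
IOC_SHA256 = {
    "8fb6d8a5013bd3a36c605031e86fd1f6bb7c3fdba722e58ee2f4769a820b86b0",
    "01c5836655c6a4212676c78ec96c0ac6b778a411e61a2da1f545eba8f784e980",
    "85c3a2b185f882abd2cc40df5a1a341962bc4616bc78a344768e4de1d5236ab7",
    "26437bc68133c2ca09bb56bc011dd1b713f8ee40a2acc2488b102dd037641c6e",
    "63fb47c3b4693409ebadf8a5179141af5cf45a46d1e98e5f763ca0d7d64fb17c",
    "956d2ed558e3c6e447e3d4424d6b14e81f74b63762238e84069f9a7610aa2531",
    "b4a04b450bb7cae5ea578e79ae9d0f203711c18c3f3a6de9900d2bdfaa4e7f67",
    "6bba8f488c23a0e0f753ac21cd83ddeac5c4d14b70d4426d7cdeebdf813a1094",
    "aec915753612bb003330ce7ffc67cfa9d7e3c12310f0ecfd0b7e50abf427989a",
    "c56c94e21913b2df4be293001da84c3bb20badf823ccf5b6a396f5f49df5efff",
    "a8a5411f3696b276aee37eee0d9bed99774910a74342bbd638578a315b65e6a6",
    "3ab6e6fc888e4df602eff1c5bc24f3e976215d1e4a58f963834e5b225a3821f5",
    "e05142f8375070d1ea25ed3a31404ca37b4e1ac88c26832682d8d2f9f4f6d0ae",
    "173e6bc33efc7a03da06bf5f8686a89bbed54b6fc8a4263035b7950ed3886179",
    "a4e4618b358c92e04fe6b7f94a114870c941be5e323735a2e5cd195138327f8f",
    "60c080a29f58cf861f5e7c7fc5e5bddc7e63dd1db0badc06729d91f65957e9ce",
}


def normalize_name(name):
    """PEP 503 name normalisation: lower-case, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def flag_requirements(text, names=IOC_PACKAGE_NAMES):
    """Return the listed package names that appear in requirements.txt-style text."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):          # skip blanks and pip options
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)  # name before ==, >=, [extras]
        if m and normalize_name(m.group()) in names:
            hits.append(normalize_name(m.group()))
    return hits


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large wheels do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, names=IOC_PACKAGE_NAMES, hashes=IOC_SHA256):
    """Walk root and return (kind, path, detail) findings for name and hash matches."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            # site-packages holds both "pkg/" and "pkg-1.0.dist-info/"; take the name part
            base = normalize_name(d.split("-", 1)[0])
            if base in names:
                findings.append(("package_name", os.path.join(dirpath, d), base))
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            try:
                digest = sha256_of_file(path)
            except OSError:
                continue                              # unreadable file; keep scanning
            if digest in hashes:
                findings.append(("sha256", path, digest))
    return findings


def build_sample_tree():
    """Create a constructed site-packages-like tree for demonstration only.

    The file content is a harmless placeholder, not the real package contents,
    so none of the real hashes match it. Returns (root, placeholder_digest) so a
    caller can add the placeholder digest to the hash set to exercise that path.
    """
    root = tempfile.mkdtemp(prefix="ioc-demo-")
    os.makedirs(os.path.join(root, "pycryptoconf-0.1.dist-info"))
    pkg = os.path.join(root, "pycryptoconf")
    os.makedirs(pkg)
    sample = os.path.join(pkg, "test.py")
    with open(sample, "wb") as f:
        f.write(b"# constructed placeholder, not the real package contents\n")
    return root, sha256_of_file(sample)


if __name__ == "__main__":
    # Constructed requirements text: one legitimate-looking pin, two typosquats.
    print(flag_requirements("requests==2.31.0\npycryptoenv\nPyCryptoConf>=1.0  # typo\n"))
    root, digest = build_sample_tree()
    for finding in scan_tree(root, hashes=IOC_SHA256 | {digest}):
        print(finding)
```

In a real hunt, point scan_tree() at each interpreter's site-packages directory and at the pip cache (pip cache dir), since a downloaded sdist or wheel may still be cached after the package was uninstalled. The name check deliberately matches directory prefixes rather than the full version string, so any version of a listed package is reported.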

Published : 2024-02-29 18:22:46
Created : 2024-02-29 18:22:46
Modified : 2024-02-29 18:29:01

Tags : (none listed)

Indicators

IPv4s : (none listed)
URLs : (none listed)
Domains : (none listed)
Malwares :
  • pycryptoenv
  • comebacker
  • pycryptoconf
  • swapmempool
  • quasarlib
Hashes :
  • 8fb6d8a5013bd3a36c605031e86fd1f6bb7c3fdba722e58ee2f4769a820b86b0
  • 01c5836655c6a4212676c78ec96c0ac6b778a411e61a2da1f545eba8f784e980
  • 85c3a2b185f882abd2cc40df5a1a341962bc4616bc78a344768e4de1d5236ab7
  • 26437bc68133c2ca09bb56bc011dd1b713f8ee40a2acc2488b102dd037641c6e
  • 63fb47c3b4693409ebadf8a5179141af5cf45a46d1e98e5f763ca0d7d64fb17c
  • 956d2ed558e3c6e447e3d4424d6b14e81f74b63762238e84069f9a7610aa2531
  • b4a04b450bb7cae5ea578e79ae9d0f203711c18c3f3a6de9900d2bdfaa4e7f67
  • 6bba8f488c23a0e0f753ac21cd83ddeac5c4d14b70d4426d7cdeebdf813a1094
  • aec915753612bb003330ce7ffc67cfa9d7e3c12310f0ecfd0b7e50abf427989a
  • c56c94e21913b2df4be293001da84c3bb20badf823ccf5b6a396f5f49df5efff
  • a8a5411f3696b276aee37eee0d9bed99774910a74342bbd638578a315b65e6a6
  • 3ab6e6fc888e4df602eff1c5bc24f3e976215d1e4a58f963834e5b225a3821f5
  • e05142f8375070d1ea25ed3a31404ca37b4e1ac88c26832682d8d2f9f4f6d0ae
  • 173e6bc33efc7a03da06bf5f8686a89bbed54b6fc8a4263035b7950ed3886179
  • a4e4618b358c92e04fe6b7f94a114870c941be5e323735a2e5cd195138327f8f
  • 60c080a29f58cf861f5e7c7fc5e5bddc7e63dd1db0badc06729d91f65957e9ce
Intrusion set :
  • Lazarus
MITRE ATT&CK Techniques : (none listed)

External References : (none listed)

About the author
Julien B.

Securitricks