"Demystifying the North Korean Threat" published by Paradigm. #AppleJeus, #ITWorker, #Lazarus, #Trend, #DangerousPassword, #TraderTraitor, #DPRK, #CTI https://www.paradigm.xyz/2025/03/demystifying-the-north-korean-threat

"Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours" published by JPCERT. #AppleJeus, #DangerousPassword, #DreamJob, #Lazarus, #DPRK, #CTI https://blogs.jpcert.or.jp/en/2025/01/initial_attack_vector.html

"あなたではなく組織の財産を狙うLinkedIn経由のコンタクトにご用心" published by JPCERT. #AppleJeus, #DangerousPassword, #DreamJob, #Lazarus, #DPRK, #CTI https://blogs.jpcert.or.jp/ja/2025/01/initial_attack_vector.html

"DangerousPassword attacks targeting developers’ Windows, macOS, and Linux environments" published by JPCERT. #DangerousPassword, #JokerSpy, #CTI, #OSINT, #LAZARUS https://blogs.jpcert.or.jp/en/2023/07/dangerouspassword_dev.html

"開発者のWindows、macOS、Linux環境を狙ったDangerousPasswordによる攻撃" published by JPCERT. #DangerousPassword, #JokerSpy, #CTI, #OSINT, #LAZARUS https://blogs.jpcert.or.jp/ja/2023/07/dangerouspassword_dev.html

"Attack Trends Related to DangerousPassword" published by JPCERT. #DangerousPassword, #CTI, #OSINT, #LAZARUS https://blogs.jpcert.or.jp/en/2023/05/dangerouspassword.html

#DangerousPassword (#Lazarus) #APT
It targets Polish speaking people:

Lnk:
hasło.txt.lnk (password.txt.lnk)
b860a22f327bce97aa198a5e859ae20a
Decoy:
podwyżka wypłaty.pdf (pay raise.pdf)

Archive file:
1d1a1419db6e328e54d33fb2b124e334
C2:
microshare[.]cloud
one.microshare[.]cloud

#APT #Malware #Threatintel #DangerousPassword

Some more dangerous password stuff

credit: souiten

file:
Password.txt.lnk
b3a413ca95799de4a37403edc18afe34
21e9ddd5753363c9a1f36240f989d3a9

https[:]//www.capmarketreport[.]com/packageupd.msi?ccop=RoPbnVqYd
149.28.247[.]34