IoCs - DPRK Threat Intelligence | lazarus.day

IoCs

210 IoCs

Type	Value	First Seen	Last Seen
YARA	Lazarus_RemotePE_DPAPI_Encrypte…	2026-05-22	2026-05-22
YARA	Lazarus_RemotePE_class_strings	2026-05-22	2026-05-22
YARA	Lazarus_RemotePE_C2_strings	2026-05-22	2026-05-22
YARA	Lazarus_DPAPILoader_Hunting	2026-05-22	2026-05-22
YARA	Kimsuky_NHIS_Phishing_Page	2026-04-17	2026-04-17
YARA	Kimsuky_CHM_Dropper_Node5	2026-04-17	2026-04-17
YARA	Kimsuky_Blog_Harvest_DDNS_Config	2026-04-17	2026-04-17
YARA	Kimsuky_Phishing_Kit_Glype_PHPr…	2026-04-17	2026-04-17
YARA	rmcej_otb_payload	2026-04-11	2026-04-11
YARA	polinrider_payload	2026-04-11	2026-04-11
YARA	Kimsuky_Bootservice_CHM_Dropper	2026-04-11	2026-04-11
YARA	rmcej_otb_payload	2026-04-08	2026-04-08
YARA	G_Hunting_Downloader_SILKBELL_1	2026-04-01	2026-04-01
YARA	G_Hunting_Downloader_suspected_…	2026-04-01	2026-04-01
YARA	TasksJacker_Blockchain_IOCs	2026-03-31	2026-03-31

Lazarus_RemotePE_DPAPI_Encrypted_config

YARA

First seen: 2026-05-22 • Last seen: 2026-05-22

Lazarus_RemotePE_class_strings

YARA

First seen: 2026-05-22 • Last seen: 2026-05-22

Lazarus_RemotePE_C2_strings

YARA

First seen: 2026-05-22 • Last seen: 2026-05-22

Lazarus_DPAPILoader_Hunting

YARA

First seen: 2026-05-22 • Last seen: 2026-05-22

Kimsuky_NHIS_Phishing_Page

YARA

First seen: 2026-04-17 • Last seen: 2026-04-17

Kimsuky_CHM_Dropper_Node5

YARA

First seen: 2026-04-17 • Last seen: 2026-04-17

Kimsuky_Blog_Harvest_DDNS_Config

YARA

First seen: 2026-04-17 • Last seen: 2026-04-17

Kimsuky_Phishing_Kit_Glype_PHProxy

YARA

First seen: 2026-04-17 • Last seen: 2026-04-17

rmcej_otb_payload

YARA

First seen: 2026-04-11 • Last seen: 2026-04-11

polinrider_payload

YARA

First seen: 2026-04-11 • Last seen: 2026-04-11

Kimsuky_Bootservice_CHM_Dropper

YARA

First seen: 2026-04-11 • Last seen: 2026-04-11

rmcej_otb_payload

YARA

First seen: 2026-04-08 • Last seen: 2026-04-08

G_Hunting_Downloader_SILKBELL_1

YARA

First seen: 2026-04-01 • Last seen: 2026-04-01

G_Hunting_Downloader_suspected_UNC1069_PS_1

YARA

First seen: 2026-04-01 • Last seen: 2026-04-01

TasksJacker_Blockchain_IOCs

YARA

First seen: 2026-03-31 • Last seen: 2026-03-31

Lazarus_RemotePE_DPAPI_Encrypted_config

YARA

First seen: May 2026

Last seen: May 2026

Lazarus_RemotePE_class_strings

YARA

First seen: May 2026

Last seen: May 2026

Lazarus_RemotePE_C2_strings

YARA

First seen: May 2026

Last seen: May 2026

Lazarus_DPAPILoader_Hunting

YARA

First seen: May 2026

Last seen: May 2026

Kimsuky_NHIS_Phishing_Page

YARA

First seen: Apr 2026

Last seen: Apr 2026

Kimsuky_CHM_Dropper_Node5

YARA

First seen: Apr 2026

Last seen: Apr 2026

Kimsuky_Blog_Harvest_DDNS_Config

YARA

First seen: Apr 2026

Last seen: Apr 2026

Kimsuky_Phishing_Kit_Glype_PHProxy

YARA

First seen: Apr 2026

Last seen: Apr 2026

rmcej_otb_payload

YARA

First seen: Apr 2026

Last seen: Apr 2026

polinrider_payload

YARA

First seen: Apr 2026

Last seen: Apr 2026

Kimsuky_Bootservice_CHM_Dropper

YARA

First seen: Apr 2026

Last seen: Apr 2026

rmcej_otb_payload

YARA

First seen: Apr 2026

Last seen: Apr 2026

G_Hunting_Downloader_SILKBELL_1

YARA

First seen: Apr 2026

Last seen: Apr 2026

G_Hunting_Downloader_suspected_UNC1069_PS_1

YARA

First seen: Apr 2026

Last seen: Apr 2026

TasksJacker_Blockchain_IOCs

YARA

First seen: Mar 2026

Last seen: Mar 2026

1
2
3
»
14

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.