IoCs - DPRK Threat Intelligence | lazarus.day

IoCs

210 IoCs

Type	Value	First Seen	Last Seen
YARA	plain_crypto_js_malware	2026-03-31	2026-03-31
YARA	TasksJacker_Blockchain_IOCs	2026-03-31	2026-03-31
YARA	G_Backdoor_WAVESHAPER_1	2026-02-10	2026-03-31
YARA	Lazarus_Medusa_Campaign_XOR_Con…	2026-03-17	2026-03-17
YARA	Lazarus_TSMSISrv_IME_Loader	2026-03-17	2026-03-17
YARA	Lazarus_Medusa_Gaze_Ransomware	2026-03-17	2026-03-17
YARA	Lazarus_Medusa_Campaign_Config	2026-03-12	2026-03-12
YARA	Lazarus_TSMSISrv_IME_Loader	2026-03-12	2026-03-12
YARA	Lazarus_Medusa_Gaze_Ransomware	2026-03-12	2026-03-12
YARA	rmcej_otb_payload	2026-03-08	2026-03-08
YARA	G_Datamine_CHROMEPUSH_1	2026-02-10	2026-02-10
YARA	G_Datamine_DEEPBREATH_1	2026-02-10	2026-02-10
YARA	G_APTFIN_Downloader_SUGARLOADER…	2026-02-10	2026-02-10
YARA	G_APTFIN_Downloader_SUGARLOADER…	2026-02-10	2026-02-10
YARA	G_Backdoor_SILENCELIFT_1	2026-02-10	2026-02-10

plain_crypto_js_malware

YARA

First seen: 2026-03-31 • Last seen: 2026-03-31

TasksJacker_Blockchain_IOCs

YARA

First seen: 2026-03-31 • Last seen: 2026-03-31

G_Backdoor_WAVESHAPER_1

YARA

First seen: 2026-02-10 • Last seen: 2026-03-31

Lazarus_Medusa_Campaign_XOR_Config

YARA

First seen: 2026-03-17 • Last seen: 2026-03-17

Lazarus_TSMSISrv_IME_Loader

YARA

First seen: 2026-03-17 • Last seen: 2026-03-17

Lazarus_Medusa_Gaze_Ransomware

YARA

First seen: 2026-03-17 • Last seen: 2026-03-17

Lazarus_Medusa_Campaign_Config

YARA

First seen: 2026-03-12 • Last seen: 2026-03-12

Lazarus_TSMSISrv_IME_Loader

YARA

First seen: 2026-03-12 • Last seen: 2026-03-12

Lazarus_Medusa_Gaze_Ransomware

YARA

First seen: 2026-03-12 • Last seen: 2026-03-12

rmcej_otb_payload

YARA

First seen: 2026-03-08 • Last seen: 2026-03-08

G_Datamine_CHROMEPUSH_1

YARA

First seen: 2026-02-10 • Last seen: 2026-02-10

G_Datamine_DEEPBREATH_1

YARA

First seen: 2026-02-10 • Last seen: 2026-02-10

G_APTFIN_Downloader_SUGARLOADER_2

YARA

First seen: 2026-02-10 • Last seen: 2026-02-10

G_APTFIN_Downloader_SUGARLOADER_1

YARA

First seen: 2026-02-10 • Last seen: 2026-02-10

G_Backdoor_SILENCELIFT_1

YARA

First seen: 2026-02-10 • Last seen: 2026-02-10

plain_crypto_js_malware

YARA

First seen: Mar 2026

Last seen: Mar 2026

TasksJacker_Blockchain_IOCs

YARA

First seen: Mar 2026

Last seen: Mar 2026

G_Backdoor_WAVESHAPER_1

YARA

First seen: Feb 2026

Last seen: Mar 2026

Lazarus_Medusa_Campaign_XOR_Config

YARA

First seen: Mar 2026

Last seen: Mar 2026

Lazarus_TSMSISrv_IME_Loader

YARA

First seen: Mar 2026

Last seen: Mar 2026

Lazarus_Medusa_Gaze_Ransomware

YARA

First seen: Mar 2026

Last seen: Mar 2026

Lazarus_Medusa_Campaign_Config

YARA

First seen: Mar 2026

Last seen: Mar 2026

Lazarus_TSMSISrv_IME_Loader

YARA

First seen: Mar 2026

Last seen: Mar 2026

Lazarus_Medusa_Gaze_Ransomware

YARA

First seen: Mar 2026

Last seen: Mar 2026

rmcej_otb_payload

YARA

First seen: Mar 2026

Last seen: Mar 2026

G_Datamine_CHROMEPUSH_1

YARA

First seen: Feb 2026

Last seen: Feb 2026

G_Datamine_DEEPBREATH_1

YARA

First seen: Feb 2026

Last seen: Feb 2026

G_APTFIN_Downloader_SUGARLOADER_2

YARA

First seen: Feb 2026

Last seen: Feb 2026

G_APTFIN_Downloader_SUGARLOADER_1

YARA

First seen: Feb 2026

Last seen: Feb 2026

G_Backdoor_SILENCELIFT_1

YARA

First seen: Feb 2026

Last seen: Feb 2026

«
1
2
3
4
»
14

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.