IoCs - DPRK Threat Intelligence | lazarus.day

IoCs

210 IoCs

Type	Value	First Seen	Last Seen
YARA	G_Downloader_HYPERCALL_1	2026-02-10	2026-02-10
YARA	G_Backdoor_WAVESHAPER_2	2026-02-10	2026-02-10
YARA	KIMSUKY_Dropper_Archive	2026-02-03	2026-02-03
YARA	KIMSUKY_NUKESPED_DLL_Payload	2026-02-03	2026-02-03
YARA	KIMSUKY_NUKESPED_JSE_Loader	2026-02-03	2026-02-03
YARA	DPRKObfuscatedJavaScript2	2025-11-13	2025-11-13
YARA	DPRKObfuscatedJavaScript1	2025-11-13	2025-11-13
YARA	Actor_APT_DPRK_Unknown_MAL_Indi…	2025-10-27	2025-10-27
YARA	Actor_APT_DPRK_Unknown_MAL_Scri…	2025-10-27	2025-10-27
YARA	Actor_APT_DPRK_Unknown_MAL_Scri…	2025-10-27	2025-10-27
YARA	Actor_APT_DPRK_Unknown_MAL_Scri…	2025-10-27	2025-10-27
YARA	Actor_APT_DPRK_Unknown_MAL_Scri…	2025-10-27	2025-10-27
YARA	Node_Beyond_eval_Contagious_Int…	2025-10-21	2025-10-21
YARA	G_Downloader_JADESNOW_1	2025-10-16	2025-10-16
YARA	Lazarus_ThemeForestRAT_RC4_key	2025-09-01	2025-09-01

G_Downloader_HYPERCALL_1

YARA

First seen: 2026-02-10 • Last seen: 2026-02-10

G_Backdoor_WAVESHAPER_2

YARA

First seen: 2026-02-10 • Last seen: 2026-02-10

KIMSUKY_Dropper_Archive

YARA

First seen: 2026-02-03 • Last seen: 2026-02-03

KIMSUKY_NUKESPED_DLL_Payload

YARA

First seen: 2026-02-03 • Last seen: 2026-02-03

KIMSUKY_NUKESPED_JSE_Loader

YARA

First seen: 2026-02-03 • Last seen: 2026-02-03

DPRKObfuscatedJavaScript2

YARA

First seen: 2025-11-13 • Last seen: 2025-11-13

DPRKObfuscatedJavaScript1

YARA

First seen: 2025-11-13 • Last seen: 2025-11-13

Actor_APT_DPRK_Unknown_MAL_Indicators_Strings_Oct25

YARA

First seen: 2025-10-27 • Last seen: 2025-10-27

Actor_APT_DPRK_Unknown_MAL_Script_JS_RAT_Unknown_Strings_Oct25

YARA

First seen: 2025-10-27 • Last seen: 2025-10-27

Actor_APT_DPRK_Unknown_MAL_Script_JS_Loader_Unknown_Strings_Oct25

YARA

First seen: 2025-10-27 • Last seen: 2025-10-27

Actor_APT_DPRK_Unknown_MAL_Script_PY_Stealer_Unknown_Strings_2_Oct25

YARA

First seen: 2025-10-27 • Last seen: 2025-10-27

Actor_APT_DPRK_Unknown_MAL_Script_PY_Stealer_Unknown_Strings_1_1Oct25

YARA

First seen: 2025-10-27 • Last seen: 2025-10-27

Node_Beyond_eval_Contagious_Interview

YARA

First seen: 2025-10-21 • Last seen: 2025-10-21

G_Downloader_JADESNOW_1

YARA

First seen: 2025-10-16 • Last seen: 2025-10-16

Lazarus_ThemeForestRAT_RC4_key

YARA

First seen: 2025-09-01 • Last seen: 2025-09-01

G_Downloader_HYPERCALL_1

YARA

First seen: Feb 2026

Last seen: Feb 2026

G_Backdoor_WAVESHAPER_2

YARA

First seen: Feb 2026

Last seen: Feb 2026

KIMSUKY_Dropper_Archive

YARA

First seen: Feb 2026

Last seen: Feb 2026

KIMSUKY_NUKESPED_DLL_Payload

YARA

First seen: Feb 2026

Last seen: Feb 2026

KIMSUKY_NUKESPED_JSE_Loader

YARA

First seen: Feb 2026

Last seen: Feb 2026

DPRKObfuscatedJavaScript2

YARA

First seen: Nov 2025

Last seen: Nov 2025

DPRKObfuscatedJavaScript1

YARA

First seen: Nov 2025

Last seen: Nov 2025

Actor_APT_DPRK_Unknown_MAL_Indicators_Strings_Oct25

YARA

First seen: Oct 2025

Last seen: Oct 2025

Actor_APT_DPRK_Unknown_MAL_Script_JS_RAT_Unknown_Strings_Oct25

YARA

First seen: Oct 2025

Last seen: Oct 2025

Actor_APT_DPRK_Unknown_MAL_Script_JS_Loader_Unknown_Strings_Oct25

YARA

First seen: Oct 2025

Last seen: Oct 2025

Actor_APT_DPRK_Unknown_MAL_Script_PY_Stealer_Unknown_Strings_2_Oct25

YARA

First seen: Oct 2025

Last seen: Oct 2025

Actor_APT_DPRK_Unknown_MAL_Script_PY_Stealer_Unknown_Strings_1_1Oct25

YARA

First seen: Oct 2025

Last seen: Oct 2025

Node_Beyond_eval_Contagious_Interview

YARA

First seen: Oct 2025

Last seen: Oct 2025

G_Downloader_JADESNOW_1

YARA

First seen: Oct 2025

Last seen: Oct 2025

Lazarus_ThemeForestRAT_RC4_key

YARA

First seen: Sep 2025

Last seen: Sep 2025

«
1
2
3
4
5
»
14

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.