IoCs - DPRK Threat Intelligence | lazarus.day

IoCs

210 IoCs

Type	Value	First Seen	Last Seen
YARA	Lazarus_ThemeForestRAT_C2_strin…	2025-09-01	2025-09-01
YARA	Lazarus_PerfhLoader_XOR_key	2025-09-01	2025-09-01
YARA	Lazarus_RemotePE_class_strings	2025-09-01	2025-09-01
YARA	Lazarus_RemotePE_C2_strings	2025-09-01	2025-09-01
YARA	Lazarus_DPAPILoader_Hunting	2025-09-01	2025-09-01
YARA	Inline_CSharp_ShowWindow_Hider	2025-05-12	2025-05-12
YARA	tsunami_framework	2025-04-25	2025-04-25
YARA	apt_Lazarus_ClickFake_NodeJS_Do…	2025-03-31	2025-03-31
YARA	apt_Lazarus_ClickFake_GolangGho…	2025-03-31	2025-03-31
YARA	apt_Lazarus_ClickFake_Go_Backdo…	2025-03-31	2025-03-31
YARA	apt_Lazarus_ClickFake_NodeVBS_L…	2025-03-31	2025-03-31
YARA	apt_Lazarus_ClickFake_ZIP_with_…	2025-03-31	2025-03-31
YARA	apt_Lazarus_ClickFake_JavaScript	2025-03-31	2025-03-31
YARA	apt_Lazarus_ClickFake_Interview…	2025-03-31	2025-03-31
YARA	apt_Lazarus_MacOs_ClickFake_Int…	2025-03-31	2025-03-31

Lazarus_ThemeForestRAT_C2_strings

YARA

First seen: 2025-09-01 • Last seen: 2025-09-01

Lazarus_PerfhLoader_XOR_key

YARA

First seen: 2025-09-01 • Last seen: 2025-09-01

Lazarus_RemotePE_class_strings

YARA

First seen: 2025-09-01 • Last seen: 2025-09-01

Lazarus_RemotePE_C2_strings

YARA

First seen: 2025-09-01 • Last seen: 2025-09-01

Lazarus_DPAPILoader_Hunting

YARA

First seen: 2025-09-01 • Last seen: 2025-09-01

Inline_CSharp_ShowWindow_Hider

YARA

First seen: 2025-05-12 • Last seen: 2025-05-12

tsunami_framework

YARA

First seen: 2025-04-25 • Last seen: 2025-04-25

apt_Lazarus_ClickFake_NodeJS_Downloader

YARA

First seen: 2025-03-31 • Last seen: 2025-03-31

apt_Lazarus_ClickFake_GolangGhost_Compiled

YARA

First seen: 2025-03-31 • Last seen: 2025-03-31

apt_Lazarus_ClickFake_Go_Backdoor_strings

YARA

First seen: 2025-03-31 • Last seen: 2025-03-31

apt_Lazarus_ClickFake_NodeVBS_Launcher

YARA

First seen: 2025-03-31 • Last seen: 2025-03-31

apt_Lazarus_ClickFake_ZIP_with_GolangGhost

YARA

First seen: 2025-03-31 • Last seen: 2025-03-31

apt_Lazarus_ClickFake_JavaScript

YARA

First seen: 2025-03-31 • Last seen: 2025-03-31

apt_Lazarus_ClickFake_Interview_FrostyFerret

YARA

First seen: 2025-03-31 • Last seen: 2025-03-31

apt_Lazarus_MacOs_ClickFake_Interview_bash_installer

YARA

First seen: 2025-03-31 • Last seen: 2025-03-31

Lazarus_ThemeForestRAT_C2_strings

YARA

First seen: Sep 2025

Last seen: Sep 2025

Lazarus_PerfhLoader_XOR_key

YARA

First seen: Sep 2025

Last seen: Sep 2025

Lazarus_RemotePE_class_strings

YARA

First seen: Sep 2025

Last seen: Sep 2025

Lazarus_RemotePE_C2_strings

YARA

First seen: Sep 2025

Last seen: Sep 2025

Lazarus_DPAPILoader_Hunting

YARA

First seen: Sep 2025

Last seen: Sep 2025

Inline_CSharp_ShowWindow_Hider

YARA

First seen: May 2025

Last seen: May 2025

tsunami_framework

YARA

First seen: Apr 2025

Last seen: Apr 2025

apt_Lazarus_ClickFake_NodeJS_Downloader

YARA

First seen: Mar 2025

Last seen: Mar 2025

apt_Lazarus_ClickFake_GolangGhost_Compiled

YARA

First seen: Mar 2025

Last seen: Mar 2025

apt_Lazarus_ClickFake_Go_Backdoor_strings

YARA

First seen: Mar 2025

Last seen: Mar 2025

apt_Lazarus_ClickFake_NodeVBS_Launcher

YARA

First seen: Mar 2025

Last seen: Mar 2025

apt_Lazarus_ClickFake_ZIP_with_GolangGhost

YARA

First seen: Mar 2025

Last seen: Mar 2025

apt_Lazarus_ClickFake_JavaScript

YARA

First seen: Mar 2025

Last seen: Mar 2025

apt_Lazarus_ClickFake_Interview_FrostyFerret

YARA

First seen: Mar 2025

Last seen: Mar 2025

apt_Lazarus_MacOs_ClickFake_Interview_bash_installer

YARA

First seen: Mar 2025

Last seen: Mar 2025

1
«
2
3
4
5
6
»
14

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.