IoCs - DPRK Threat Intelligence | lazarus.day

IoCs

210 IoCs

Type	Value	First Seen	Last Seen
YARA	SUSP_Macho_Library_StackString	2023-01-18	2023-01-18
YARA	MAL_CloudMensis_FlowEncrypt	2023-01-16	2023-01-16
YARA	MAL_CloudMensis_FlowEncrypt	2023-01-16	2023-01-16
YARA	APT_NK_APT37_CloudMensis_ClassD…	2023-01-16	2023-01-16
YARA	follow_the_fallchill_call	2022-07-31	2022-07-31
YARA	SiennaBlue	2022-07-14	2022-07-14
YARA	SiennaPurple	2022-07-14	2022-07-14
YARA	MauiRansomware	2022-07-06	2022-07-06
YARA	NK_APT_AppleSeed_Backdoor	2022-06-05	2022-06-05
YARA	NK_APT_AppleSeed_Dropper	2022-06-05	2022-06-05
YARA	Microsoft_Signed_DLL_With_High_…	2022-04-29	2022-04-29
YARA	Red_Lich_Encoded_PlugX	2022-04-29	2022-04-29
YARA	NK_GOLDBACKDOOR_Main	2022-04-21	2022-04-21
YARA	NK_GOLDBACKDOOR_generic_shellco…	2022-04-21	2022-04-21
YARA	NK_GOLDBACKDOOR_injected_shellc…	2022-04-21	2022-04-21

SUSP_Macho_Library_StackString

YARA

First seen: 2023-01-18 • Last seen: 2023-01-18

MAL_CloudMensis_FlowEncrypt

YARA

First seen: 2023-01-16 • Last seen: 2023-01-16

MAL_CloudMensis_FlowEncrypt

YARA

First seen: 2023-01-16 • Last seen: 2023-01-16

APT_NK_APT37_CloudMensis_ClassData

YARA

First seen: 2023-01-16 • Last seen: 2023-01-16

follow_the_fallchill_call

YARA

First seen: 2022-07-31 • Last seen: 2022-07-31

SiennaBlue

YARA

First seen: 2022-07-14 • Last seen: 2022-07-14

SiennaPurple

YARA

First seen: 2022-07-14 • Last seen: 2022-07-14

MauiRansomware

YARA

First seen: 2022-07-06 • Last seen: 2022-07-06

NK_APT_AppleSeed_Backdoor

YARA

First seen: 2022-06-05 • Last seen: 2022-06-05

NK_APT_AppleSeed_Dropper

YARA

First seen: 2022-06-05 • Last seen: 2022-06-05

Microsoft_Signed_DLL_With_High_Entropy_Data_After_Digital_Signature

YARA

First seen: 2022-04-29 • Last seen: 2022-04-29

Red_Lich_Encoded_PlugX

YARA

First seen: 2022-04-29 • Last seen: 2022-04-29

NK_GOLDBACKDOOR_Main

YARA

First seen: 2022-04-21 • Last seen: 2022-04-21

NK_GOLDBACKDOOR_generic_shellcode

YARA

First seen: 2022-04-21 • Last seen: 2022-04-21

NK_GOLDBACKDOOR_injected_shellcode

YARA

First seen: 2022-04-21 • Last seen: 2022-04-21

SUSP_Macho_Library_StackString

YARA

First seen: Jan 2023

Last seen: Jan 2023

MAL_CloudMensis_FlowEncrypt

YARA

First seen: Jan 2023

Last seen: Jan 2023

MAL_CloudMensis_FlowEncrypt

YARA

First seen: Jan 2023

Last seen: Jan 2023

APT_NK_APT37_CloudMensis_ClassData

YARA

First seen: Jan 2023

Last seen: Jan 2023

follow_the_fallchill_call

YARA

First seen: Jul 2022

Last seen: Jul 2022

SiennaBlue

YARA

First seen: Jul 2022

Last seen: Jul 2022

SiennaPurple

YARA

First seen: Jul 2022

Last seen: Jul 2022

MauiRansomware

YARA

First seen: Jul 2022

Last seen: Jul 2022

NK_APT_AppleSeed_Backdoor

YARA

First seen: Jun 2022

Last seen: Jun 2022

NK_APT_AppleSeed_Dropper

YARA

First seen: Jun 2022

Last seen: Jun 2022

Microsoft_Signed_DLL_With_High_Entropy_Data_After_Digital_Signature

YARA

First seen: Apr 2022

Last seen: Apr 2022

Red_Lich_Encoded_PlugX

YARA

First seen: Apr 2022

Last seen: Apr 2022

NK_GOLDBACKDOOR_Main

YARA

First seen: Apr 2022

Last seen: Apr 2022

NK_GOLDBACKDOOR_generic_shellcode

YARA

First seen: Apr 2022

Last seen: Apr 2022

NK_GOLDBACKDOOR_injected_shellcode

YARA

First seen: Apr 2022

Last seen: Apr 2022

1
«
7
8
9
10
11
»
14

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.