Indicators of Compromise | lazarus.day

IoCs

32,011 IoCs

Type	Value	First Seen	Last Seen
ASN	AS63023	2023-12-22	2026-03-15
ASN	AS212238	2019-05-16	2026-03-15
IPv4	31.220.48.155	2026-03-13	2026-03-13
HASH	323ba89ec7410656629f8a1e7890d30…	2026-03-13	2026-03-13
HASH	0be2375362227f846c56c4de2db4d31…	2026-03-13	2026-03-13
URL	https://malicanbur.pro	2026-03-13	2026-03-13
URL	https://malicanbur.pro/winnmrep…	2026-03-13	2026-03-13
DOMAIN	malicanbur.pro	2026-03-13	2026-03-13
IPv4	173.211.46.22	2026-03-13	2026-03-13
DOMAIN	v6.navy	2026-03-12	2026-03-12
DOMAIN	oq7n2.dynv6.net	2026-03-12	2026-03-12
DOMAIN	oc9bk.dynv6.net	2026-03-12	2026-03-12
YARA	Lazarus_Medusa_Campaign_Config	2026-03-12	2026-03-12
YARA	Lazarus_TSMSISrv_IME_Loader	2026-03-12	2026-03-12
YARA	Lazarus_Medusa_Gaze_Ransomware	2026-03-12	2026-03-12

AS63023

ASN

First seen: 2023-12-22 • Last seen: 2026-03-15

AS212238

ASN

First seen: 2019-05-16 • Last seen: 2026-03-15

31.220.48.155

IPv4

Related: AS47583

First seen: 2026-03-13 • Last seen: 2026-03-13

323ba89ec7410656629f8a1e7890d3025739adcbb8497f1c737a7465c13eb1fd

HASH

First seen: 2026-03-13 • Last seen: 2026-03-13

0be2375362227f846c56c4de2db4d3113e197f0c605c297a7e0e0c154e94464e

HASH

First seen: 2026-03-13 • Last seen: 2026-03-13

https://malicanbur.pro

URL

Related: malicanbur.pro

First seen: 2026-03-13 • Last seen: 2026-03-13

https://malicanbur.pro/winnmrepair_ml2j.release

URL

Related: malicanbur.pro

First seen: 2026-03-13 • Last seen: 2026-03-13

malicanbur.pro

DOMAIN

Related: 31.220.48.155

First seen: 2026-03-13 • Last seen: 2026-03-13

173.211.46.22

IPv4

Related: AS212238

First seen: 2026-03-13 • Last seen: 2026-03-13

v6.navy

DOMAIN

First seen: 2026-03-12 • Last seen: 2026-03-12

oq7n2.dynv6.net

DOMAIN

Related: 101.36.114.66

First seen: 2026-03-12 • Last seen: 2026-03-12

oc9bk.dynv6.net

DOMAIN

Related: 101.36.114.66

First seen: 2026-03-12 • Last seen: 2026-03-12

Lazarus_Medusa_Campaign_Config

YARA

First seen: 2026-03-12 • Last seen: 2026-03-12

Lazarus_TSMSISrv_IME_Loader

YARA

First seen: 2026-03-12 • Last seen: 2026-03-12

Lazarus_Medusa_Gaze_Ransomware

YARA

First seen: 2026-03-12 • Last seen: 2026-03-12

AS63023

ASN

First seen: Dec 2023

Last seen: Mar 2026

AS212238

ASN

First seen: May 2019

Last seen: Mar 2026

31.220.48.155

IPv4

AS47583

First seen: Mar 2026

Last seen: Mar 2026

323ba89ec7410656629f8a1e7890d3025739adcbb8497f1c737a7465c13eb1fd

HASH

First seen: Mar 2026

Last seen: Mar 2026

0be2375362227f846c56c4de2db4d3113e197f0c605c297a7e0e0c154e94464e

HASH

First seen: Mar 2026

Last seen: Mar 2026

https://malicanbur.pro

URL

malicanbur.pro

First seen: Mar 2026

Last seen: Mar 2026

https://malicanbur.pro/winnmrepair_ml2j.release

URL

malicanbur.pro

First seen: Mar 2026

Last seen: Mar 2026

malicanbur.pro

DOMAIN

31.220.48.155

First seen: Mar 2026

Last seen: Mar 2026

173.211.46.22

IPv4

AS212238

First seen: Mar 2026

Last seen: Mar 2026

v6.navy

DOMAIN

First seen: Mar 2026

Last seen: Mar 2026

oq7n2.dynv6.net

DOMAIN

101.36.114.66

First seen: Mar 2026

Last seen: Mar 2026

oc9bk.dynv6.net

DOMAIN

101.36.114.66

First seen: Mar 2026

Last seen: Mar 2026

Lazarus_Medusa_Campaign_Config

YARA

First seen: Mar 2026

Last seen: Mar 2026

Lazarus_TSMSISrv_IME_Loader

YARA

First seen: Mar 2026

Last seen: Mar 2026

Lazarus_Medusa_Gaze_Ransomware

YARA

First seen: Mar 2026

Last seen: Mar 2026

1
«
169
170
171
172
173
»
2135

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.