APT Profile: Who is Lazarus Group?

2021-12-02 SOCRadar

https://socradar.io/apt-profile-who-is-lazarus-group/


SOCRadar profiles Lazarus Group as a DPRK Reconnaissance General Bureau-linked threat actor also tracked under names such as Hidden Cobra, Zinc, Guardians of Peace, and Stardust Chollima. The source emphasizes that Lazarus blends political, espionage, disruptive, and financially motivated operations, targeting South Korea, the United States, finance, defense, public administration, research, cryptocurrency, journalists, human-rights groups, and North Korean defector communities. It describes common access methods including spearphishing, supply-chain and watering-hole attacks, zero-day and known-vulnerability exploitation, and custom malware for persistence, data theft, and destructive activity. The profile also notes boundary ambiguity with subgroups and overlapping clusters such as Bluenoroff, Andariel, TEMP.Hermit, and Kimsuky, and cites tools including AppleSeed, HardRain, BadCall, Fallchill, Joanap, Brambul, and WannaCry.

Indicators of Compromise

