Lazarus Group

2017-05-31 MITRE

https://attack.mitre.org/groups/G0032/


MITRE ATT&CK’s Lazarus Group entry maps a broad set of observed behaviors across the actor also tracked as Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, Diamond Sleet, and related names. The excerpt describes credential and environment discovery through keyloggers, Active Directory queries, window-title collection, Responder-based credential harvesting, and attempts to use administrator-name permutations and weak passwords for lateral movement. Delivery and execution tradecraft includes malicious Word macros, DOTM files, PowerShell, cmd.exe, compromised websites, GitHub-hosted downloads, social engineering through LinkedIn, Twitter, and email accounts, and exploitation of Adobe Flash CVE-2018-4878. Persistence, C2, and impact behaviors include Registry Run keys and Startup-folder LNK files, HTTP/HTTPS and custom encrypted C2, Dropbox exfiltration via dbxcli, RAR or ZIP staging of stolen data, and destructive wipers that overwrite MBRs or large portions of physical and logical drives.
