Lazarus: Three North Koreans Charged for Financially Motivated Attacks

2021-02-18 Symantec

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-north-korea-indictment


U.S. charges against three North Korean men covered a financially motivated Lazarus theft campaign that stole about $1.3 billion from banks and cryptocurrency exchanges, including the Bangladesh Bank heist. Symantec links the activity to Banswift malware used to hide fraudulent SWIFT transfers, Contopee and Fimlis tooling against South-East Asian financial targets, and 2017 watering-hole attacks that delivered Ratankba through a custom exploit kit. The source also connects Lazarus to WannaCry, FASTCash ATM cash-outs using Trojan.Fastcash on switch servers, and AppleJeus cryptocurrency-trading app trojans. The report frames the indictment and related money-laundering plea as law-enforcement action against a long-running DPRK financial theft operation.

Indicators of Compromise

