T1614 - DPRK Threat Intelligence

#T1614 System Location Discovery

Technique

Tactics: Discovery
Description:

Adversaries may gather information in an attempt to calculate the geographical location of a victim host. Adversaries may use the information from [System Location Discovery](https://attack.mitre.org/techniques/T1614) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Adversaries may attempt to infer the location of a system using various system checks, such as time zone, keyboard layout, and/or language settings.(Citation: FBI Ragnar Locker 2020)(Citation: Sophos Geolocation 2016)(Citation: Bleepingcomputer RAT malware 2020) Windows API functions such as <code>GetLocaleInfoW</code> can also be used to determine the locale of the host.(Citation: FBI Ragnar Locker 2020) In cloud environments, an instance's availability zone may also be discovered by accessing the instance metadata service from the instance.(Citation: AWS Instance Identity Documents)(Citation: Microsoft Azure Instance Metadata 2021)

Adversaries may also attempt to infer the location of a victim host using IP addressing, such as via online geolocation IP-lookup services.(Citation: Securelist Trasparent Tribe 2020)(Citation: Sophos Geolocation 2016)
First Seen: Lazarus Group • 2017-05-31

MITRE ATT&CK

7

Tagged Reports
6

Unique Authors
3,110

Active Days

Tagged Reports

2025-12-04

Any Run

How We Caught Lazarus's IT Workers Scheme Live on Camera

#ITWorker #FamousChollima #T1614 #T1566 #T1219 #T1016 #T1090 #T1593.002 #T1082

2025-02-20

ESET

DeceptiveDevelopment targets freelance developers

#BeaverTail #DeceptiveDevelopment #InvisibleFerret #T1025 #T1567.004 #T1555.001 #T1027.013 #T1016 #T1071.002 #T1566.003 #T1564.003 #T1552.001 #T1583.003 #T1082 #T1614 #T1119 #T1059.003 #T1074.001 #T1140 #T1030 #T1585.001 #T1005 #T1059.007 #T1587.001 #T1041 #T1564.001 #T1010 #T1219 #T1608.001 #T1204.002 #T1571 #T1071.001 #T1059.006 #T1115 #T1083 #T1124 #T1555.003 #T1056.001 #T1133 #T1021.001 #T1095 #T1560.002 #T1657 #T1217

2024-07-19

Cyfirma

APT Quarterly Highlights : Q2 2024

#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus #T1562.001 #T1190 #T1068 #T1543.003 #T1056 #T1595.002 #T1059.003 #T1566 #T1485 #T1218.011 #T1069.002 #T1010 #T1571 #T1102.001 #T1583.001 #T1555.003 #T1033 #T1497.001 #T1203 #T1036 #T1012 #T1027 #T1583.003 #T1071 #T1562.004 #T1614 #T1027.005 #T1548 #T1552 #T1140 #T1005 #T1053.005 #T1564.001 #T1555 #T1129 #T1070.001 #T1046 #T1070 #T1095 #T1569.002 #T1562 #T1573 #T1047 #T1552.001 #T1057 #T1082 #T1518.001 #T1176 #T1090 #T1518 #T1539 #T1041 #T1564 #T1560 #T1202 #T1071.001 #T1547 #T1112 #T1497 #T1059.001 #T1124 #T1056.001 #T1222 #T1070.006 #T1059 #T1564.003 #T1222.001 #T1056.004 #T1547.001 #T1584 #T1087.002 #T1070.004 #T1505.003 #T1113 #T1608.005 #T1204.002 #T1087 #T1574.002 #T1115 #T1083 #T1490 #T1053 #T1486 #T1566.002 #T1133 #T1021.004 #T1003

2023-04-20

Mandiant

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible

#SupplyChain #UNC4736 #YARA #3CXDesktopApp #SmoothOperator #X_Trader #UNC4469 #UNC3782 #T1573 #T1190 #T1608 #T1036 #T1012 #T1588.004 #T1027 #T1622 #T1071 #T1565.001 #T1082 #T1574 #T1614 #T1614.001 #T1620 #T1140 #T1608.003 #T1070.004 #T1036.001 #T1195 #T1071.004 #T1070.001 #T1105 #T1071.001 #T1195.002 #T1588 #T1055 #T1574.002 #T1070 #T1112 #T1083 #T1565 #T1497 #T1573.002 #T1497.001

2023-02-23

ESET

WinorDLL64: A backdoor from the vast Lazarus arsenal?

#Wslink #T1134.002 #T1012 #T1016 #T1106 #T1057 #T1082 #T1614 #T1614.001 #T1087.001 #T1135 #T1049 #T1087.002 #T1005 #T1070.004 #T1587.001 #T1531 #T1083 #T1059.001 #T1033 #T1560.002

2022-04-15

Dragos

ICS/OT CYBERSECURITY YEAR IN REVIEW 2021

#Trend #WASSONITE #T1589 #T0840 #T1573 #T1036 #T1016 #T0884 #T0888 #T1071 #T0807 #T1056 #T1614 #T1082 #T1574 #T1566 #T1602 #T1591 #T0822 #T0858 #T1021 #T1480 #T1049 #T1584 #T0859 #T1140 #T1078 #T0806 #T1505 #T1041 #T1113 #T1555 #T1560 #T1564 #T0817 #T1132 #T1055 #T1547 #T1127 #T1083 #T1053 #T1189 #T1033 #T0819 #T1074 #T1059 #T1217

2017-05-31

MITRE

Lazarus Group

#G0032 #T0865 #T1608 #T1587 #T1056 #T1566 #T1485 #T1591 #T1620 #T1021 #T1078 #T1010 #T1571 #T1588 #T1557 #T1033 #T1001 #T1542 #T1593 #T1589 #T1134 #T1203 #T1036 #T1012 #T1016 #T1106 #T1027 #T1102 #T1071 #T1614 #T1529 #T1049 #T1140 #T1005 #T1105 #T1046 #T1070 #T1110 #T1489 #T1562 #T1534 #T1573 #T1047 #T1543 #T1104 #T1491 #T1057 #T1082 #T1574 #T1090 #T1218 #T1583 #T1041 #T1561 #T1560 #T1564 #T1202 #T1547 #T1497 #T1189 #T1124 #T1204 #T1059 #T1008 #T1048 #T1567 #T1221 #T1098 #T1585 #T1553 #T1584 #T1220 #T1132 #T1055 #T1087 #T1083 #T1053 #T1074

« Back