cyber_threat_intelligence/actors/Lazarus/README.md

Lazarus - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Lazarus. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.lazarus

Campaigns

The following campaigns are known and can be associated with Lazarus:

  • AppleJeus
  • Chemical Sector
  • Fallchill
  • ...

There are 7 more campaign items available. Please use our online service to access the data.

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:

There are 4 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) are network resources (IP addresses and, where known, their reverse DNS names) that VulDB associates with research and attack activity of Lazarus, grouped by the campaign they were first tied to. Note that many of the resolved names point at residential or dynamic ISP address space (static-adsl, dsl, ADSL-… prefixes, btcentralplus.com), which is typical of compromised relay hosts rather than actor-owned infrastructure, so treat these addresses as material for retrospective hunting in historical logs rather than as a standing block list, and re-verify any entry before acting on it. The Confidence column is VulDB's own rating.

ID IP address Hostname Campaign Confidence
1 2.50.22.137 - Hidden Cobra High
2 2.50.22.189 - Hidden Cobra High
3 2.50.25.205 - Hidden Cobra High
4 2.50.27.239 - Hidden Cobra High
5 2.50.40.245 - Hidden Cobra High
6 2.93.86.36 - Hidden Cobra High
7 2.93.86.38 - Hidden Cobra High
8 2.93.86.65 - Hidden Cobra High
9 2.93.86.89 - Hidden Cobra High
10 2.93.86.106 - Hidden Cobra High
11 2.93.86.136 - Hidden Cobra High
12 2.93.86.150 - Hidden Cobra High
13 2.93.86.194 - Hidden Cobra High
14 2.93.86.197 - Hidden Cobra High
15 2.93.86.224 - Hidden Cobra High
16 2.93.86.226 - Hidden Cobra High
17 2.93.86.247 - Hidden Cobra High
18 2.93.86.251 - Hidden Cobra High
19 2.93.86.253 - Hidden Cobra High
20 2.93.131.116 - Hidden Cobra High
21 2.93.131.179 - Hidden Cobra High
22 2.93.238.2 - Hidden Cobra High
23 2.93.238.12 - Hidden Cobra High
24 2.93.238.20 - Hidden Cobra High
25 2.93.238.26 - Hidden Cobra High
26 2.93.238.35 - Hidden Cobra High
27 2.93.238.93 - Hidden Cobra High
28 2.93.238.146 - Hidden Cobra High
29 2.93.238.167 - Hidden Cobra High
30 2.93.238.176 - Hidden Cobra High
31 2.93.238.183 - Hidden Cobra High
32 2.93.238.199 - Hidden Cobra High
33 2.93.238.213 - Hidden Cobra High
34 2.93.238.215 - Hidden Cobra High
35 2.93.238.222 - Hidden Cobra High
36 2.93.238.252 - Hidden Cobra High
37 2.93.238.253 - Hidden Cobra High
38 2.93.248.5 - Hidden Cobra High
39 2.93.248.46 - Hidden Cobra High
40 2.94.53.139 - Hidden Cobra High
41 2.94.65.211 - Hidden Cobra High
42 2.94.65.246 - Hidden Cobra High
43 2.94.82.42 - Hidden Cobra High
44 2.94.117.30 - Hidden Cobra High
45 2.94.117.46 - Hidden Cobra High
46 2.94.117.47 - Hidden Cobra High
47 2.94.117.56 - Hidden Cobra High
48 2.94.209.30 - Hidden Cobra High
49 2.187.99.180 - Hidden Cobra High
50 5.22.137.178 mail.bpdl.co.uk Hidden Cobra High
51 5.22.140.93 5-22-140-93.host.as51043.net Hidden Cobra High
52 5.41.88.137 - Hidden Cobra High
53 5.41.89.32 - Hidden Cobra High
54 5.41.94.221 - Hidden Cobra High
55 5.41.190.7 - Hidden Cobra High
56 5.41.201.151 - Hidden Cobra High
57 5.41.237.214 - Hidden Cobra High
58 5.79.99.169 nsg037-19.divide.nl Fallchill High
59 5.98.91.76 host-5-98-91-76.business.telecomitalia.it Hidden Cobra High
60 5.141.87.156 5-141-97-156.static-adsl.isurgut.ru Hidden Cobra High
61 5.189.190.67 m2767.contaboserver.net Hidden Cobra High
62 5.200.154.208 - Hidden Cobra High
63 5.200.177.218 - Hidden Cobra High
64 5.200.191.104 - Hidden Cobra High
65 5.200.198.10 - Hidden Cobra High
66 5.200.202.99 - Hidden Cobra High
67 14.102.46.3 - Volgmer High
68 14.139.125.214 - Volgmer High
69 14.140.123.179 14.140.123.179.static-pune-vsnl.net.in Hidden Cobra High
70 14.141.27.100 14.141.26.100.static-Mumbai.vsnl.net.in Hidden Cobra High
71 14.141.129.116 14.141.129.116.static-Delhi.vsnl.net.in Volgmer High
72 14.149.149.211 - Hidden Cobra High
73 21.252.107.198 - Hoplight High
74 23.152.0.232 betrp-basisto.seemband.com - High
75 26.165.218.44 - Hoplight High
76 27.96.110.130 130.110.96.27.static.m1net.com.sg Hidden Cobra High
77 27.114.187.37 - Volgmer High
78 27.123.221.66 66-221.fiber.net.id Fallchill High
79 27.125.35.229 - Hidden Cobra High
80 31.47.47.130 - Hidden Cobra High
81 31.54.73.156 host31-54-73-156.range31-54.btcentralplus.com Hidden Cobra High
82 31.54.74.176 host31-54-74-176.range31-54.btcentralplus.com Hidden Cobra High
83 31.146.82.22 31-146-82-22.dsl.utg.ge Volgmer High
84 31.146.136.6 31-146-136-6.dsl.utg.ge Hidden Cobra High
85 31.168.203.44 bzq-203-168-31-44.red.bezeqint.net Hidden Cobra High
86 36.71.90.4 - Fallchill High
87 37.34.240.177 - Hidden Cobra High
88 37.48.106.69 high-convey.blockother.com Hidden Cobra High
89 37.71.50.2 2.50.71.37.rev.sfr.net Hidden Cobra High
90 37.75.0.98 - Hidden Cobra High
91 37.75.2.203 - Hidden Cobra High
92 37.75.10.194 mail.kplus.com.tr Hidden Cobra High
93 37.75.11.162 37-75-11-162.rdns.saglayici.net Hidden Cobra High
94 37.98.114.90 90.mobinnet.net Volgmer High
95 37.104.24.220 - Hidden Cobra High
96 37.104.50.144 - Hidden Cobra High
97 37.104.67.33 - Hidden Cobra High
98 37.105.234.200 - Hidden Cobra High
99 37.106.115.3 - Hidden Cobra High
100 37.143.29.10 - Hidden Cobra High
101 37.148.209.156 37-148-209-156.cizgi.net.tr Hidden Cobra High
102 37.216.67.155 - Volgmer High
103 37.216.213.70 - Hidden Cobra High
104 37.235.21.166 - Volgmer High
105 37.238.135.70 - - High
106 38.132.124.161 - TraderTraitor High
107 41.57.108.68 - Hidden Cobra High
108 41.67.136.38 netcomafrica.com Hidden Cobra High
109 41.67.136.39 netcomafrica.com Hidden Cobra High
110 41.72.99.5 - Hidden Cobra High
111 41.72.101.138 - Hidden Cobra High
112 41.74.166.253 - Hidden Cobra High
113 41.92.208.194 - Fallchill High
114 41.92.208.196 - Fallchill High
115 41.92.208.197 - Fallchill High
116 41.110.179.197 - Hidden Cobra High
117 41.128.226.60 - Hidden Cobra High
118 41.131.49.228 host-41-131-49-228.static.link.com.eg Hidden Cobra High
119 41.131.164.156 - Hidden Cobra High
120 41.134.208.234 41-134-208-234.dsl.mweb.co.za Hidden Cobra High
121 41.182.252.56 ADSL-41-182-252-56.ipb.na Hidden Cobra High
122 41.205.139.34 ADSL-41-205-139-34.ipb.na Hidden Cobra High
123 41.208.106.68 owa.altaqnya.com.ly Hidden Cobra High
124 41.208.106.70 dc1.Mail.dsmhlc.ly Hidden Cobra High
125 41.215.250.40 - Hidden Cobra High
126 41.223.30.20 host30-20.creolink.com Hidden Cobra High
127 41.224.254.90 - Hidden Cobra High
128 43.249.216.6 - Volgmer High
129 45.33.2.79 li956-79.members.linode.com AppleJeus High
130 45.33.23.183 li977-183.members.linode.com AppleJeus High
131 45.56.79.23 li929-23.members.linode.com AppleJeus High
132 45.79.19.196 li1118-196.members.linode.com AppleJeus High
133 45.118.34.215 - Volgmer High
134 45.120.61.145 - Hidden Cobra High
135 45.124.169.36 - Volgmer High
136 45.199.63.220 - AppleJeus High
137 46.16.62.238 fnadh-35.srv.cat TraderTraitor High
138 46.19.101.186 ip-46-19-101-186.gnc.net Hidden Cobra High
139 46.21.147.161 46-21-147-161.static.hvvc.us - High
140 46.52.131.102 - Hidden Cobra High
141 46.121.242.180 46-121-242-180.static.012.net.il Hidden Cobra High
142 46.174.116.60 - Hidden Cobra High
143 46.174.116.87 - Hidden Cobra High
144 46.174.116.90 - Hidden Cobra High
145 46.174.116.99 - Hidden Cobra High
146 46.174.116.221 - Hidden Cobra High
147 46.174.116.231 - Hidden Cobra High
148 46.174.116.234 - Hidden Cobra High
149 46.174.117.15 - Hidden Cobra High
150 46.174.117.32 - Hidden Cobra High
151 46.174.117.36 - Hidden Cobra High
152 46.174.117.42 - Hidden Cobra High
153 46.174.117.44 - Hidden Cobra High
154 46.174.117.50 - Hidden Cobra High
155 46.174.117.61 - Hidden Cobra High
156 46.174.117.77 - Hidden Cobra High
157 46.174.117.80 - Hidden Cobra High
158 46.174.117.97 - Hidden Cobra High
159 46.174.117.98 - Hidden Cobra High
160 46.174.117.103 - Hidden Cobra High
161 46.174.117.116 - Hidden Cobra High
162 46.174.117.121 - Hidden Cobra High
163 46.174.117.129 - Hidden Cobra High
164 46.174.117.134 - Hidden Cobra High
165 46.174.117.153 - Hidden Cobra High
166 46.174.117.164 - Hidden Cobra High
167 46.218.127.110 reverse.completel.fr Hidden Cobra High
168 47.206.4.145 static-47-206-4-145.srst.fl.frontiernet.net Hoplight High
169 49.206.1.61 49.206.1.61.actcorp.in Hidden Cobra High
170 50.62.168.157 p3nwvpweb145.shr.prod.phx3.secureserver.net Fallchill High
171 50.87.144.227 somethingaboutmarketing.com - High
172 51.235.1.216 - Hidden Cobra High
173 51.235.13.162 - Hidden Cobra High
174 51.235.17.133 - Hidden Cobra High
175 51.235.19.202 - Hidden Cobra High
176 51.235.33.226 - Hidden Cobra High
177 51.235.49.202 - Hidden Cobra High
178 52.79.118.195 ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com Chemical Sector Medium
179 54.64.30.175 vega.mh-tec.co.jp - High
180 58.82.155.98 98.155.82.58.static-corp.jastel.co.th Volgmer High
181 58.185.197.210 - Volgmer High
182 59.90.93.97 static.bb.knl.59.90.93.97.bsnl.in Typeframe High
183 59.90.93.138 static.bb.knl.59.90.93.138.bsnl.in Fallchill High
184 ... ... ... ...

There are 733 more IOC items available. Please use our online service to access the data.
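To put the table above to use, here is an added example (written for this page, not VulDB's own tooling) that parses rows in the page's flattened layout, checks whether each reverse DNS name actually encodes the listed IP address (the table contains rows where the two disagree), and hunts for the resulting set in firewall connection logs. The IOC rows are copied from the table; the log lines are constructed, and the log layout is an assumption.

```python
"""Parse VulDB-style IOC rows and hunt for them in connection logs.

Added example for this page, not VulDB's own tooling. The IOC rows are
copied from the table above, the log lines are constructed, and the log
layout (timestamp device verdict src:port -> dst:port proto) is assumed.
"""
import ipaddress
import re
from collections import namedtuple

# Rows in the page's flattened layout "<id> <ip> <hostname|-> <campaign> <confidence>".
# The campaign may contain a space ("Hidden Cobra", "Chemical Sector") or be "-",
# so fixed fields are taken from both ends and whatever lies between is the campaign.
IOC_ROWS = """\
ID IP address Hostname Campaign Confidence
1 2.50.22.137 - Hidden Cobra High
50 5.22.137.178 mail.bpdl.co.uk Hidden Cobra High
58 5.79.99.169 nsg037-19.divide.nl Fallchill High
60 5.141.87.156 5-141-97-156.static-adsl.isurgut.ru Hidden Cobra High
89 37.71.50.2 2.50.71.37.rev.sfr.net Hidden Cobra High
105 37.238.135.70 - - High
129 45.33.2.79 li956-79.members.linode.com AppleJeus High
178 52.79.118.195 ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com Chemical Sector Medium
184 ... ... ... ...
"""

Ioc = namedtuple("Ioc", "id ip hostname campaign confidence")
CONFIDENCE = ("High", "Medium", "Low")


def parse_ioc_rows(text):
    """Return {ip: Ioc}; the header and '...' rows are skipped."""
    iocs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[-1] not in CONFIDENCE:
            continue
        row_id, ip, host = parts[0], parts[1], parts[2]
        try:
            ipaddress.ip_address(ip)          # drop rows whose IP field is garbage
        except ValueError:
            continue
        campaign = " ".join(parts[3:-1])
        iocs[ip] = Ioc(row_id, ip, None if host == "-" else host,
                       None if campaign == "-" else campaign, parts[-1])
    return iocs


# Four dotted or dashed octets, not preceded by a digit and not followed by
# another octet, so "ec2-52-79-118-195" yields 52.79.118.195, not 2.52.79.118.
EMBEDDED_IP_RE = re.compile(
    r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?![-.]?\d)")


def hostname_encodes_ip(ioc):
    """True/False when the rDNS name embeds the IP (forward or reversed),
    None when it embeds no IPv4-looking run. False is a cue to re-check the
    row: row 60 pairs 5.141.87.156 with a name that spells 5-141-97-156."""
    if not ioc.hostname:
        return None
    m = EMBEDDED_IP_RE.search(ioc.hostname)
    if not m:
        return None
    octets, ip_octets = list(m.groups()), ioc.ip.split(".")
    return octets == ip_octets or octets[::-1] == ip_octets


# Constructed firewall lines; 5.79.99.169, 45.33.2.79 and 52.79.118.195 are in the set.
LOG_LINES = """\
2024-03-01T10:02:11Z fw1 ALLOW 10.0.5.23:51234 -> 5.79.99.169:443 tcp
2024-03-01T10:02:15Z fw1 ALLOW 10.0.5.23:51240 -> 142.250.74.46:443 tcp
2024-03-01T10:03:02Z fw1 DENY 45.33.2.79:40000 -> 10.0.5.8:22 tcp
2024-03-01T10:04:40Z fw1 ALLOW 10.0.7.9:50001 -> 52.79.118.195:80 tcp
"""
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
Hit = namedtuple("Hit", "line ip campaign confidence")


def match_logs(log_text, iocs):
    """Look up every IPv4 address on every line in the IOC set."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for ip in IPV4_RE.findall(line):
            if ip in iocs:
                hits.append(Hit(n, ip, iocs[ip].campaign, iocs[ip].confidence))
    return hits


if __name__ == "__main__":
    iocs = parse_ioc_rows(IOC_ROWS)
    for ioc in iocs.values():
        if hostname_encodes_ip(ioc) is False:
            print(f"row {ioc.id}: {ioc.hostname} does not encode {ioc.ip}, re-check")
    for h in match_logs(LOG_LINES, iocs):
        print(f"line {h.line}: {h.ip} ({h.campaign}, confidence {h.confidence})")
```

The hostname check is deliberately three-valued: a name like li956-79.members.linode.com carries no address, a name in Bezeq's rotated layout (bzq-203-168-31-44) will come back False even when the row is correct, so a False result means "look at the row", not "the row is wrong". Both directions of the match matter in practice: an outbound ALLOW to a Fallchill host and an inbound DENY from an AppleJeus host tell different stories, which is why the source and destination fields are both scanned.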

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the MITRE ATT&CK techniques that VulDB's predictive actor-profiling model attributes to Lazarus, each paired with the weakness class the model maps to that technique. The Weakness and Description columns are VulDB's own labels and do not always match MITRE's CWE titles (MITRE catalogues CWE-284 as "Improper Access Control" and CWE-798 as "Use of Hard-coded Credentials"), so verify the CWE IDs against cwe.mitre.org before carrying them into detection rules or reports.

ID Technique Weakness Description Confidence
1 T1059.007 CWE-79 Cross Site Scripting High
2 T1068 CWE-284 Execution with Unnecessary Privileges High
3 T1110.001 CWE-798 Improper Restriction of Excessive Authentication Attempts High
4 ... ... ... ...

There are 4 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list request fragments that VulDB's predictive actor-profiling model associates with technical activity by Lazarus, from reconnaissance through exploitation, privilege escalation, and exfiltration. Entries of type File are web request paths together with their query strings; a fragment that ends in "=" (postid=) leaves the parameter value open, since that value is supplied by the request. Because these fragments are model-generated, a hit in a web log is a lead to triage, not confirmed attribution.

ID Type Indicator Confidence
1 File /admin.php?id=posts&action=display&value=1&postid= High
2 File /admin.php?id=siteoptions&social=display&value=0&sid=2 High
3 File /admin.php?id=siteoptions&social=edit&sid=2 High
4 File /admin/inbox.php&action=delete High
5 File /admin/inbox.php&action=read High
6 File /admin/pagerole.php&action=display&value=1 High
7 File /admin/pagerole.php&action=edit High
8 File /admin/posts.php High
9 File /admin/posts.php&action=delete High
10 File /admin/posts.php&action=edit High
11 File /admin/siteoptions.php&action=displaygoal&value=1&roleid=1 High
12 File /admin/siteoptions.php&social=remove&sid=2 High
13 ... ... ...

There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
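The File indicators above are only useful once they are compared with real request lines. Here is an added example (written for this page, not VulDB's tooling) that parses the File rows in the page's layout and prefix-matches them against a web server access log, reporting the most specific indicator for each request. The indicator rows are copied from the table; the access log lines are constructed. The canonicalization (URL-decode, then write the first "?" as "&") is an assumption made so that the page's "/admin/inbox.php&action=delete" form and a real request "/admin/inbox.php?action=delete" compare equal.

```python
"""Match VulDB 'File' IOA fragments against a web server access log.

Added example for this page, not VulDB's tooling. The indicator rows are
copied from the table above; the access log lines are constructed. The
canonicalization (URL-decode, then fold the first '?' into '&') is an
assumption that makes the page's "/admin/inbox.php&action=delete" form and
a real request "/admin/inbox.php?action=delete" compare equal.
"""
import re
from collections import namedtuple
from urllib.parse import unquote

IOA_ROWS = """\
ID Type Indicator Confidence
1 File /admin.php?id=posts&action=display&value=1&postid= High
4 File /admin/inbox.php&action=delete High
8 File /admin/posts.php High
9 File /admin/posts.php&action=delete High
12 File /admin/siteoptions.php&social=remove&sid=2 High
13 ... ... ...
"""

Ioa = namedtuple("Ioa", "id fragment confidence")


def parse_ioa_rows(text):
    """Keep only 'File' rows; the header and '...' rows are dropped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[1] == "File":
            rows.append(Ioa(parts[0], parts[2], parts[3]))
    return rows


def canonical(target):
    """URL-decode and write the query separator as '&' (assumption, see above)."""
    return unquote(target).replace("?", "&", 1)


# Apache/nginx combined format (constructed lines). 203.0.113.7 probes the
# display action with a quote in postid; 198.51.100.9 is refused with 403.
ACCESS_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:05:01 +0000] "GET /admin.php?id=posts&action=display&value=1&postid=3%27%20OR%201%3D1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2024:10:05:09 +0000] "GET /admin/inbox.php?action=delete HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.2 - - [01/Mar/2024:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 1402 "-" "curl/8.0"
198.51.100.9 - - [01/Mar/2024:10:06:30 +0000] "POST /admin/posts.php?action=delete HTTP/1.1" 403 221 "-" "python-requests/2.31"
"""
REQ_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
Hit = namedtuple("Hit", "line client status indicator_id confidence")


def match_access_log(log_text, ioas):
    """Prefix-match each request target against the canonical fragments.
    When several fragments match (8 is a prefix of 9) only the longest,
    i.e. the most specific indicator, is reported."""
    canon = [(ioa, canonical(ioa.fragment)) for ioa in ioas]
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQ_RE.match(line)
        if not m:
            continue
        target = canonical(m.group("target"))
        best = max((c for c in canon if target.startswith(c[1])),
                   key=lambda c: len(c[1]), default=None)
        if best:
            hits.append(Hit(n, m.group("client"), int(m.group("status")),
                            best[0].id, best[0].confidence))
    return hits


if __name__ == "__main__":
    for h in match_access_log(ACCESS_LOG, parse_ioa_rows(IOA_ROWS)):
        print(f"line {h.line}: {h.client} -> IOA {h.indicator_id} "
              f"(HTTP {h.status}, confidence {h.confidence})")
```

A bare path such as /admin/posts.php (indicator 8) is low-specificity and will fire on every legitimate administrator request, which is why the status code and client address are carried in each hit: a 403 from an unknown client, or a client that also appears in the IOC address set above, is worth an analyst's time, while a 200 from an internal administrator usually is not.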

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!