Lazarus - Cyber Threat Intelligence

These indicators were reported, collected, and generated during the VulDB CTI analysis of the actor known as Lazarus. The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. This correlation helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique predictive model uses big data to forecast activities and their characteristics.

Live data and more analysis capabilities are available at https://vuldb.com/?actor.lazarus

Campaigns

The following campaigns are known and can be associated with Lazarus:

  • AppleJeus
  • Chemical Sector
  • Fallchill
  • Hidden Cobra
  • Hoplight
  • ...

There are 9 more campaign items available. Please use our online service to access the data.

Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:

There are 6 more country items available. Please use our online service to access the data.

IOC - Indicator of Compromise

These indicators of compromise (IOC) identify associated network resources that are known to be part of the research and attack activities of Lazarus.

| ID | IP address | Hostname | Campaign | Confidence |
|----|------------|----------|----------|------------|
| 1 | 2.50.22.137 | - | Hidden Cobra | High |
| 2 | 2.50.22.189 | - | Hidden Cobra | High |
| 3 | 2.50.25.205 | - | Hidden Cobra | High |
| 4 | 2.50.27.239 | - | Hidden Cobra | High |
| 5 | 2.50.40.245 | - | Hidden Cobra | High |
| 6 | 2.93.86.36 | - | Hidden Cobra | High |
| 7 | 2.93.86.38 | - | Hidden Cobra | High |
| 8 | 2.93.86.65 | - | Hidden Cobra | High |
| 9 | 2.93.86.89 | - | Hidden Cobra | High |
| 10 | 2.93.86.106 | - | Hidden Cobra | High |
| 11 | 2.93.86.136 | - | Hidden Cobra | High |
| 12 | 2.93.86.150 | - | Hidden Cobra | High |
| 13 | 2.93.86.194 | - | Hidden Cobra | High |
| 14 | 2.93.86.197 | - | Hidden Cobra | High |
| 15 | 2.93.86.224 | - | Hidden Cobra | High |
| 16 | 2.93.86.226 | - | Hidden Cobra | High |
| 17 | 2.93.86.247 | - | Hidden Cobra | High |
| 18 | 2.93.86.251 | - | Hidden Cobra | High |
| 19 | 2.93.86.253 | - | Hidden Cobra | High |
| 20 | 2.93.131.116 | - | Hidden Cobra | High |
| 21 | 2.93.131.179 | - | Hidden Cobra | High |
| 22 | 2.93.238.2 | - | Hidden Cobra | High |
| 23 | 2.93.238.12 | - | Hidden Cobra | High |
| 24 | 2.93.238.20 | - | Hidden Cobra | High |
| 25 | 2.93.238.26 | - | Hidden Cobra | High |
| 26 | 2.93.238.35 | - | Hidden Cobra | High |
| 27 | 2.93.238.93 | - | Hidden Cobra | High |
| 28 | 2.93.238.146 | - | Hidden Cobra | High |
| 29 | 2.93.238.167 | - | Hidden Cobra | High |
| 30 | 2.93.238.176 | - | Hidden Cobra | High |
| 31 | 2.93.238.183 | - | Hidden Cobra | High |
| 32 | 2.93.238.199 | - | Hidden Cobra | High |
| 33 | 2.93.238.213 | - | Hidden Cobra | High |
| 34 | 2.93.238.215 | - | Hidden Cobra | High |
| 35 | 2.93.238.222 | - | Hidden Cobra | High |
| 36 | 2.93.238.252 | - | Hidden Cobra | High |
| 37 | 2.93.238.253 | - | Hidden Cobra | High |
| 38 | 2.93.248.5 | - | Hidden Cobra | High |
| 39 | 2.93.248.46 | - | Hidden Cobra | High |
| 40 | 2.94.53.139 | - | Hidden Cobra | High |
| 41 | 2.94.65.211 | - | Hidden Cobra | High |
| 42 | 2.94.65.246 | - | Hidden Cobra | High |
| 43 | 2.94.82.42 | - | Hidden Cobra | High |
| 44 | 2.94.117.30 | - | Hidden Cobra | High |
| 45 | 2.94.117.46 | - | Hidden Cobra | High |
| 46 | 2.94.117.47 | - | Hidden Cobra | High |
| 47 | 2.94.117.56 | - | Hidden Cobra | High |
| 48 | 2.94.209.30 | - | Hidden Cobra | High |
| 49 | 2.187.99.180 | - | Hidden Cobra | High |
| 50 | 3.239.189.175 | ec2-3-239-189-175.compute-1.amazonaws.com | - | Medium |
| 51 | 5.22.137.178 | mail.bpdl.co.uk | Hidden Cobra | High |
| 52 | 5.22.140.93 | 5-22-140-93.host.as51043.net | Hidden Cobra | High |
| 53 | 5.41.88.137 | - | Hidden Cobra | High |
| 54 | 5.41.89.32 | - | Hidden Cobra | High |
| 55 | 5.41.94.221 | - | Hidden Cobra | High |
| 56 | 5.41.190.7 | - | Hidden Cobra | High |
| 57 | 5.41.201.151 | - | Hidden Cobra | High |
| 58 | 5.41.237.214 | - | Hidden Cobra | High |
| 59 | 5.79.99.169 | nsg037-19.divide.nl | Fallchill | High |
| 60 | 5.98.91.76 | host-5-98-91-76.business.telecomitalia.it | Hidden Cobra | High |
| 61 | 5.141.87.156 | 5-141-97-156.static-adsl.isurgut.ru | Hidden Cobra | High |
| 62 | 5.189.190.67 | m2767.contaboserver.net | Hidden Cobra | High |
| 63 | 5.200.154.208 | - | Hidden Cobra | High |
| 64 | 5.200.177.218 | - | Hidden Cobra | High |
| 65 | 5.200.191.104 | - | Hidden Cobra | High |
| 66 | 5.200.198.10 | - | Hidden Cobra | High |
| 67 | 5.200.202.99 | - | Hidden Cobra | High |
| 68 | 13.88.245.250 | - | - | High |
| 69 | 14.102.46.3 | - | Volgmer | High |
| 70 | 14.139.125.214 | - | Volgmer | High |
| 71 | 14.140.123.179 | 14.140.123.179.static-pune-vsnl.net.in | Hidden Cobra | High |
| 72 | 14.141.27.100 | 14.141.26.100.static-Mumbai.vsnl.net.in | Hidden Cobra | High |
| 73 | 14.141.129.116 | 14.141.129.116.static-Delhi.vsnl.net.in | Volgmer | High |
| 74 | 14.149.149.211 | - | Hidden Cobra | High |
| 75 | 21.252.107.198 | - | Hoplight | High |
| 76 | 23.81.246.107 | - | - | High |
| 77 | 23.81.246.131 | - | South Korea | High |
| 78 | 23.81.246.179 | - | - | High |
| 79 | 23.82.141.50 | - | - | High |
| 80 | 23.82.141.172 | - | - | High |
| 81 | 23.94.37.55 | 23-94-37-55-host.colocrossing.com | - | High |
| 82 | 23.94.139.92 | 23-94-139-92-host.colocrossing.com | - | High |
| 83 | 23.95.67.143 | 23-95-67-143-host.colocrossing.com | - | High |
| 84 | 23.106.160.40 | - | - | High |
| 85 | 23.106.223.194 | - | - | High |
| 86 | 23.108.57.232 | - | - | High |
| 87 | 23.152.0.232 | betrp-basisto.seemband.com | - | High |
| 88 | 23.227.196.5 | 23-227-196-5.static.hvvc.us | - | High |
| 89 | 23.227.196.116 | 23-227-196-116.static.hvvc.us | - | High |
| 90 | 23.227.199.21 | 23-227-199-21.static.hvvc.us | - | High |
| 91 | 23.227.199.53 | 23-227-199-53.static.hvvc.us | - | High |
| 92 | 23.227.199.69 | 23-227-199-69.static.hvvc.us | - | High |
| 93 | 23.229.111.197 | - | - | High |
| 94 | 23.254.119.12 | - | - | High |
| 95 | 26.165.218.44 | - | Hoplight | High |
| 96 | 27.96.110.130 | 130.110.96.27.static.m1net.com.sg | Hidden Cobra | High |
| 97 | 27.114.187.37 | - | Volgmer | High |
| 98 | 27.123.221.66 | 66-221.fiber.net.id | Fallchill | High |
| 99 | 27.125.35.229 | - | Hidden Cobra | High |
| 100 | 31.47.47.130 | - | Hidden Cobra | High |
| 101 | 31.54.73.156 | host31-54-73-156.range31-54.btcentralplus.com | Hidden Cobra | High |
| 102 | 31.54.74.176 | host31-54-74-176.range31-54.btcentralplus.com | Hidden Cobra | High |
| 103 | 31.146.82.22 | 31-146-82-22.dsl.utg.ge | Volgmer | High |
| 104 | 31.146.136.6 | 31-146-136-6.dsl.utg.ge | Hidden Cobra | High |
| 105 | 31.168.203.44 | bzq-203-168-31-44.red.bezeqint.net | Hidden Cobra | High |
| 106 | 36.71.90.4 | - | Fallchill | High |
| 107 | 37.34.240.177 | - | Hidden Cobra | High |
| 108 | 37.48.106.69 | high-convey.blockother.com | Hidden Cobra | High |
| 109 | 37.71.50.2 | 2.50.71.37.rev.sfr.net | Hidden Cobra | High |
| 110 | 37.72.168.228 | 228.168.72.37.static.swiftway.net | - | High |
| 111 | 37.72.175.135 | 37-72-175-135.static.hvvc.us | - | High |
| 112 | 37.72.175.179 | 37-72-175-179.static.hvvc.us | - | High |
| 113 | 37.72.175.196 | 37-72-175-196.static.hvvc.us | - | High |
| 114 | 37.75.0.98 | - | Hidden Cobra | High |
| 115 | 37.75.2.203 | - | Hidden Cobra | High |
| 116 | 37.75.10.194 | mail.kplus.com.tr | Hidden Cobra | High |
| 117 | 37.75.11.162 | 37-75-11-162.rdns.saglayici.net | Hidden Cobra | High |
| 118 | 37.98.114.90 | 90.mobinnet.net | Volgmer | High |
| 119 | 37.104.24.220 | - | Hidden Cobra | High |
| 120 | 37.104.50.144 | - | Hidden Cobra | High |
| 121 | 37.104.67.33 | - | Hidden Cobra | High |
| 122 | 37.105.234.200 | - | Hidden Cobra | High |
| 123 | 37.106.115.3 | - | Hidden Cobra | High |
| 124 | 37.143.29.10 | - | Hidden Cobra | High |
| 125 | 37.148.209.156 | 37-148-209-156.cizgi.net.tr | Hidden Cobra | High |
| 126 | 37.216.67.155 | - | Volgmer | High |
| 127 | 37.216.213.70 | - | Hidden Cobra | High |
| 128 | 37.235.21.166 | - | Volgmer | High |
| 129 | 37.238.135.70 | - | - | High |
| 130 | 38.132.124.161 | - | TraderTraitor | High |
| 131 | 40.121.90.194 | - | - | High |
| 132 | 41.57.108.68 | - | Hidden Cobra | High |
| 133 | 41.67.136.38 | netcomafrica.com | Hidden Cobra | High |
| 134 | 41.67.136.39 | netcomafrica.com | Hidden Cobra | High |
| 135 | 41.72.99.5 | - | Hidden Cobra | High |
| 136 | 41.72.101.138 | - | Hidden Cobra | High |
| 137 | 41.74.166.253 | - | Hidden Cobra | High |
| 138 | 41.92.208.194 | - | Fallchill | High |
| 139 | 41.92.208.196 | - | Fallchill | High |
| 140 | 41.92.208.197 | - | Fallchill | High |
| 141 | 41.110.179.197 | - | Hidden Cobra | High |
| 142 | 41.128.226.60 | - | Hidden Cobra | High |
| 143 | 41.131.49.228 | host-41-131-49-228.static.link.com.eg | Hidden Cobra | High |
| 144 | 41.131.164.156 | - | Hidden Cobra | High |
| 145 | 41.134.208.234 | 41-134-208-234.dsl.mweb.co.za | Hidden Cobra | High |
| 146 | 41.182.252.56 | ADSL-41-182-252-56.ipb.na | Hidden Cobra | High |
| 147 | 41.205.139.34 | ADSL-41-205-139-34.ipb.na | Hidden Cobra | High |
| 148 | 41.208.106.68 | owa.altaqnya.com.ly | Hidden Cobra | High |
| 149 | 41.208.106.70 | dc1.Mail.dsmhlc.ly | Hidden Cobra | High |
| 150 | 41.215.250.40 | - | Hidden Cobra | High |
| 151 | 41.223.30.20 | host30-20.creolink.com | Hidden Cobra | High |
| 152 | 41.224.254.90 | - | Hidden Cobra | High |
| 153 | 43.249.216.6 | - | Volgmer | High |
| 154 | 45.33.2.79 | li956-79.members.linode.com | AppleJeus | High |
| 155 | 45.33.23.183 | li977-183.members.linode.com | AppleJeus | High |
| 156 | 45.56.79.23 | li929-23.members.linode.com | AppleJeus | High |
| 157 | 45.58.112.77 | - | - | High |
| 158 | 45.79.19.196 | li1118-196.members.linode.com | AppleJeus | High |
| 159 | 45.118.34.215 | - | Volgmer | High |
| 160 | 45.120.61.145 | - | Hidden Cobra | High |
| 161 | 45.122.138.130 | - | - | High |
| 162 | 45.124.169.36 | - | Volgmer | High |
| 163 | 45.128.156.27 | smtp.flatmeadow.com | - | High |
| 164 | 45.199.63.220 | - | AppleJeus | High |
| 165 | 46.16.62.238 | fnadh-35.srv.cat | TraderTraitor | High |
| 166 | 46.19.101.186 | ip-46-19-101-186.gnc.net | Hidden Cobra | High |
| 167 | 46.21.147.161 | 46-21-147-161.static.hvvc.us | - | High |
| 168 | 46.21.153.87 | 87.153.21.46.static.swiftway.net | - | High |
| 169 | 46.52.131.102 | - | Hidden Cobra | High |
| 170 | 46.121.242.180 | 46-121-242-180.static.012.net.il | Hidden Cobra | High |
| 171 | 46.174.116.60 | - | Hidden Cobra | High |
| 172 | 46.174.116.87 | - | Hidden Cobra | High |
| 173 | 46.174.116.90 | - | Hidden Cobra | High |
| 174 | 46.174.116.99 | - | Hidden Cobra | High |
| 175 | 46.174.116.221 | - | Hidden Cobra | High |
| 176 | 46.174.116.231 | - | Hidden Cobra | High |
| 177 | 46.174.116.234 | - | Hidden Cobra | High |
| 178 | 46.174.117.15 | - | Hidden Cobra | High |
| 179 | 46.174.117.32 | - | Hidden Cobra | High |
| 180 | 46.174.117.36 | - | Hidden Cobra | High |
| 181 | 46.174.117.42 | - | Hidden Cobra | High |
| 182 | 46.174.117.44 | - | Hidden Cobra | High |
| 183 | 46.174.117.50 | - | Hidden Cobra | High |
| 184 | 46.174.117.61 | - | Hidden Cobra | High |
| 185 | 46.174.117.77 | - | Hidden Cobra | High |
| 186 | 46.174.117.80 | - | Hidden Cobra | High |
| 187 | 46.174.117.97 | - | Hidden Cobra | High |
| 188 | 46.174.117.98 | - | Hidden Cobra | High |
| 189 | 46.174.117.103 | - | Hidden Cobra | High |
| 190 | 46.174.117.116 | - | Hidden Cobra | High |
| 191 | 46.174.117.121 | - | Hidden Cobra | High |
| 192 | 46.174.117.129 | - | Hidden Cobra | High |
| 193 | 46.174.117.134 | - | Hidden Cobra | High |
| 194 | 46.174.117.153 | - | Hidden Cobra | High |
| 195 | 46.174.117.164 | - | Hidden Cobra | High |
| 196 | 46.183.221.109 | ip-221-109.dataclub.info | - | High |
| 197 | 46.218.127.110 | reverse.completel.fr | Hidden Cobra | High |
| 198 | 47.206.4.145 | static-47-206-4-145.srst.fl.frontiernet.net | Hoplight | High |
| 199 | 49.206.1.61 | 49.206.1.61.actcorp.in | Hidden Cobra | High |
| 200 | 49.247.9.177 | - | - | High |
| 201 | 50.62.168.157 | p3nwvpweb145.shr.prod.phx3.secureserver.net | Fallchill | High |
| 202 | 50.87.144.227 | somethingaboutmarketing.com | - | High |
| 203 | 51.38.234.8 | hydra.skok.pl | - | High |
| 204 | 51.235.1.216 | - | Hidden Cobra | High |
| 205 | 51.235.13.162 | - | Hidden Cobra | High |
| 206 | 51.235.17.133 | - | Hidden Cobra | High |
| 207 | 51.235.19.202 | - | Hidden Cobra | High |
| 208 | 51.235.33.226 | - | Hidden Cobra | High |
| 209 | 51.235.49.202 | - | Hidden Cobra | High |
| 210 | 52.79.118.195 | ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com | Chemical Sector | Medium |
| 211 | 52.202.193.124 | ec2-52-202-193-124.compute-1.amazonaws.com | MagicRAT | Medium |
| 212 | 54.38.11.132 | ip132.ip-54-38-11.eu | - | High |
| 213 | 54.39.204.190 | ip190.ip-54-39-204.net | - | High |
| 214 | 54.64.30.175 | vega.mh-tec.co.jp | - | High |
| 215 | 54.68.42.4 | ec2-54-68-42-4.us-west-2.compute.amazonaws.com | - | Medium |
| 216 | 58.82.155.98 | 98.155.82.58.static-corp.jastel.co.th | Volgmer | High |
| 217 | 58.185.197.210 | - | Volgmer | High |
| 218 | 59.8.194.228 | - | - | High |
| 219 | 59.90.93.97 | static.bb.knl.59.90.93.97.bsnl.in | Typeframe | High |
| 220 | 59.90.93.138 | static.bb.knl.59.90.93.138.bsnl.in | Fallchill | High |
| 221 | ... | ... | ... | ... |

There are 880 more IOC items available. Please use our online service to access the data.

TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures (TTP) summarize the MITRE ATT&CK techniques suspected to be used by Lazarus. This data is unique as it is derived from our predictive model for actor profiling.

| ID | Technique | Weakness | Description | Confidence |
|----|-----------|----------|-------------|------------|
| 1 | T1006 | CWE-21, CWE-22, CWE-36 | Pathname Traversal | High |
| 2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High |
| 3 | T1055 | CWE-74 | Injection | High |
| 4 | T1059 | CWE-94 | Cross Site Scripting | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High |
| 6 | ... | ... | ... | ... |

There are 19 more TTP items available. Please use our online service to access the data.

IOA - Indicator of Attack

These indicators of attack (IOA) list the potential fragments used by Lazarus for technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it is derived from our predictive model for actor profiling.

| ID | Type | Indicator | Confidence |
|----|------|-----------|------------|
| 1 | File | /admin/?page=reports/stockin | High |
| 2 | File | /admin/?page=reports/stockout | High |
| 3 | File | /admin/?page=reports/waste | High |
| 4 | File | /admin/?page=user/manage_user | High |
| 5 | File | /admin/addemployee.php | High |
| 6 | File | /admin/del.php | High |
| 7 | File | /admin/delete.php | High |
| 8 | File | /admin/delstu.php | High |
| 9 | File | /admin/login.php | High |
| 10 | File | /admin/products/controller.php?action=add | High |
| 11 | File | /bd_genie_create_account.cgi | High |
| 12 | File | /categories/view_category.php | High |
| 13 | File | /cgi-bin/ExportSettings.sh | High |
| 14 | File | /classes/Master.php?f=delete_img | High |
| 15 | File | /defaultui/player/modern.html | High |
| 16 | File | /etc/ciel.cfg | High |
| 17 | File | /etc/init0.d/S80telnetd.sh | High |
| 18 | File | /etc/srapi/config/system.conf | High |
| 19 | File | /goform/addRouting | High |
| 20 | File | /goform/Diagnosis | High |
| 21 | File | /goform/form2userconfig.cgi | High |
| 22 | ... | ... | ... |

There are 183 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

References

The following list contains external sources which discuss the actor and the associated activities:

Literature

The following articles explain our unique predictive cyber threat intelligence:

License

(c) 1997-2022 by vuldb.com. All data on this page is shared under the license CC BY-NC-SA 4.0. Questions? Check the FAQ, read the documentation or contact us!