Lazarus aka Hidden Cobra APT Group – Active IOCs
December 20, 2024
Severity
High
Analysis Summary
Lazarus APT is one of North Korea's most sophisticated threat actors and has been operating since at least 2009. It initially concentrated on South Korean targets, but has since broadened its operations worldwide and added financially motivated attacks to its espionage activity. The group has been linked to intrusions in South Korea, the United States, Japan, and several other countries, and is suspected of being behind a diverse set of operations, including cyber espionage and attacks on financial institutions, government agencies, and the military.
The Lazarus group is known to use a variety of tactics, techniques, and procedures (TTPs) in its operations, including spear-phishing, custom malware, and social engineering. One of its recent campaigns, "Dream Job," specifically targets cryptocurrency-adjacent entities by impersonating legitimate job recruiters …
IoC
d042afa59dd81cc9e0d0e50e3cc8694a3c5f8fb4
b8daba7780619f9a9001cf391c74a5e56682aa94
c4ce18cb838eb61d20a857e00589b0a04a06ba52
34bd23adddc3ca5e252d89fed27225bd
785028ccb1763c504626d3678a0c8fe7
317d733031850427b6738dc9213890e7a4eac51fcb88f7c99b2fbca4cd77a561
92b770b39e51c618a8556e2a5f8989a8
b1f371ef6f978b44258ab235e79de39a8e7f7342eb0b282317cee5f5ebbd0864
56a666601e66a01cc8dcb53a470d9ea092633c76197cd13919c7749e51ebccbc
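The hashes above are a mix of MD5, SHA-1 and SHA-256 digests with no labels, so a scanner has to sort them by length before it can compare them against anything. The following Python script is an added example (it is not part of the advisory and not a tool from the advisory's author): it classifies each published indicator by algorithm, computes all three digests of every file under a directory in a single pass, and reports matches. The file contents it writes in the demo are constructed for illustration and do not correspond to any Lazarus sample.

```python
import hashlib
import os
import tempfile

# Hashes copied from the IoC list in this advisory; the algorithm of each is
# inferred from its hex length (32 = MD5, 40 = SHA-1, 64 = SHA-256).
ADVISORY_IOCS = [
    "d042afa59dd81cc9e0d0e50e3cc8694a3c5f8fb4",
    "b8daba7780619f9a9001cf391c74a5e56682aa94",
    "c4ce18cb838eb61d20a857e00589b0a04a06ba52",
    "34bd23adddc3ca5e252d89fed27225bd",
    "785028ccb1763c504626d3678a0c8fe7",
    "317d733031850427b6738dc9213890e7a4eac51fcb88f7c99b2fbca4cd77a561",
    "92b770b39e51c618a8556e2a5f8989a8",
    "b1f371ef6f978b44258ab235e79de39a8e7f7342eb0b282317cee5f5ebbd0864",
    "56a666601e66a01cc8dcb53a470d9ea092633c76197cd13919c7749e51ebccbc",
]

HEX_LENGTH_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}
ALGOS = ("md5", "sha1", "sha256")


def classify_hash(digest: str) -> str:
    """Return 'md5', 'sha1' or 'sha256' for a hex digest, based on its length."""
    digest = digest.strip().lower()
    algo = HEX_LENGTH_TO_ALGO.get(len(digest))
    if algo is None or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError(f"not a recognised hex digest: {digest!r}")
    return algo


def build_index(iocs) -> dict:
    """Group indicators into one lookup set per algorithm."""
    index = {algo: set() for algo in ALGOS}
    for digest in iocs:
        index[classify_hash(digest)].add(digest.strip().lower())
    return index


def hash_file(path: str) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in one read pass."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def scan_tree(root: str, index: dict) -> list:
    """Walk `root` and return (path, algorithm, digest) for every IoC hit."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file (permissions, vanished); skip it
            for algo, digest in digests.items():
                if digest in index[algo]:
                    hits.append((path, algo, digest))
    return hits


if __name__ == "__main__":
    index = build_index(ADVISORY_IOCS)
    for algo in ALGOS:
        print(f"{algo}: {len(index[algo])} indicator(s)")
    # Constructed demo directory with a benign file; no hit is expected.
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "benign.bin"), "wb") as fh:
            fh.write(b"constructed sample content, not malware")
        for path, algo, digest in scan_tree(tmp, index) or []:
            print(f"HIT {path} {algo} {digest}")
        print("scan complete")
```

Run it against a real directory by replacing the temporary path in the `__main__` block; on a large tree the single-pass hashing matters, since each file is read once for all three algorithms. Hash matching only catches the exact samples listed here, so treat a clean result as absence of these specific files, not absence of the actor.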