Lazarus Group Recent Trends - CYFIRMA
Tags
cmtmf-attack-pattern: Acquire Infrastructure Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Develop Capabilities Masquerading Obfuscated Files Or Information Obtain Capabilities Process Injection Resource Hijacking
country: Australia Bangladesh Brazil Canada Chile China North Korea Germany France Guatemala India Indonesia Iran Japan South Korea Thailand Myanmar Philippines Poland Singapore Russia Vietnam United Kingdom United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Model Acquire Infrastructure - T1583 Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Custom Method - T1560.003 Archive Via Library - T1560.002 Boot Or Logon Autostart Execution - T1547 Bootkit - T1542.003 Command And Scripting Interpreter - T1623 Compiled Html File - T1218.001 Compiled Html File - T1223 Create Or Modify System Process - T1543 Create Process With Token - T1134.002 Data Destruction - T1662 Data Destruction - T1485 Data From Local System - T1533 Defacement - T1491 Develop Capabilities - T1587 Digital Certificates - T1596.003 Digital Certificates - T1587.003 Digital Certificates - T1588.004 Disable Or Modify System Firewall - T1562.004 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Disk Content Wipe - T1561.001 Disk Content Wipe - T1488 Disk Structure Wipe - T1561.002 Disk Structure Wipe - T1487 Disk Wipe - T1561 Domains - T1583.001 Domains - T1584.001 Drive-By Compromise - T1456 Dynamic-Link Library Injection - T1055.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Exfiltration Over Alternative Protocol - T1639 Exfiltration Over C2 Channel - T1646 Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 Exploitation For Client Execution - T1658 Exploits - T1587.004 Exploits - T1588.005 External Proxy - T1090.002 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 Hidden Files And Directories - T1564.001 Hide Artifacts - T1628 Hide Artifacts - T1564 Impair Defenses - T1562 Impair Defenses - T1629 Indicator Removal On Host - T1630 Ingress Tool Transfer - T1544 Input Capture - T1417 Internal Defacement - T1491.001 Keylogging - T1056.001 Keylogging - T1417.001 Local Data Staging - T1074.001 System Network Configuration Discovery - T1422 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Match Legitimate Name Or Location - T1655.001 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Non-Standard Port - T1509 Non-Standard Port - T1571 Obtain Capabilities - T1588 Password Spraying - T1110.003 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Pre-Os Boot - T1542 Process Injection - T1631 Protocol Impersonation - T1001.003 Registry Run Keys / Startup Folder - T1547.001 Remote Desktop Protocol - T1021.001 Resource Hijacking - T1496 Server - T1583.004 Server - T1584.004 Service Stop - T1489 Shortcut Modification - T1547.009 Smb/Windows Admin Shares - T1021.002 Social Media - T1593.001 Software - T1592.002 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Standard Encoding - T1132.001 Symmetric Cryptography - T1521.001 Symmetric Cryptography - T1573.001 System Shutdown/Reboot - T1529 Windows Command Shell - T1059.003 Visual Basic - T1059.005 Timestomp - T1070.006 Web Protocols - T1071.001 Web Protocols - T1437.001 Windows Service - T1543.003 Web Services - T1583.006 Web Services - T1584.006 Vulnerabilities - T1588.006 Access Token Manipulation - T1134 Account Manipulation - T1098 Standard Application Layer Protocol - T1071 Application Window Discovery - T1010 Bootkit - T1067 Brute Force - T1110 Command-Line Interface - T1059 Connection Proxy - T1090 Data Encoding - T1132 Data From Local System - T1005 Data Obfuscation - T1001 Data Staged - T1074 Drive-By Compromise - T1189 Exfiltration Over Alternative Protocol - T1048 Exfiltration Over Command And Control Channel - T1041 Exploitation For Client Execution - T1203 Fallback Channels - T1008 File And Directory Discovery - T1083 File Deletion - T1107 Hidden Files And Directories - T1158 Indicator Removal On Host - T1070 Remote File Copy - T1105 Input Capture - T1056 Masquerading - T1036 Obfuscated Files Or Information - T1027 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Registry Run Keys / Start Folder - T1060 Remote Desktop Protocol - T1076 Remote Services - T1021 Shortcut Modification - T1023 Signed Binary Proxy Execution - T1218 Spearphishing Attachment - T1193 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Owner/User Discovery - T1033 System Time Discovery - T1124 Windows Management Instrumentation - T1047 Timestomp - T1099 User Execution - T1204 Data Destruction Drive-By Compromise Indicator Removal On Host Masquerading Service Stop Spearphishing Attachment User Execution
Common Information
Type Value
UUID 67c7926e-df0b-47b8-b039-9d4f929847ce
Fingerprint a4158d9385a58ba8
Analysis status DONE
Considered CTI value 2
Text language
Published June 7, 2023, 6:26 a.m.
Added to db Dec. 18, 2024, 10:34 p.m.
Last updated Dec. 21, 2024, 4:56 a.m.
Headline Lazarus Group Recent Trends
Title Lazarus Group Recent Trends - CYFIRMA
Detected Hints/Tags/Attributes 373/4/70
Attributes
Type | #Events | Value
Mandiant Uncategorized Groups | 2 | UNC038
Mandiant Uncategorized Groups | 1 | UNC050
Mandiant Uncategorized Groups | 1 | UNC048
Mandiant Uncategorized Groups | 1 | UNC047
Mandiant Uncategorized Groups | 1 | UNC042
Mandiant Uncategorized Groups | 1 | UNC039
Mandiant Uncategorized Groups | 1 | UNC035
Mandiant Uncategorized Groups | 1 | UNC030
Mandiant Uncategorized Groups | 2 | UNC029
Mandiant Uncategorized Groups | 2 | UNC028
MITRE ATT&CK Techniques | 89 | T1583.001
MITRE ATT&CK Techniques | 24 | T1583.006
MITRE ATT&CK Techniques | 104 | T1587.001
MITRE ATT&CK Techniques | 21 | T1588.004
MITRE ATT&CK Techniques | 198 | T1189
MITRE ATT&CK Techniques | 340 | T1566.001
MITRE ATT&CK Techniques | 368 | T1059.003
MITRE ATT&CK Techniques | 259 | T1203
MITRE ATT&CK Techniques | 406 | T1204.002
MITRE ATT&CK Techniques | 331 | T1047
MITRE ATT&CK Techniques | 122 | T1098
MITRE ATT&CK Techniques | 425 | T1547.001
MITRE ATT&CK Techniques | 33 | T1547.009
MITRE ATT&CK Techniques | 193 | T1543.003
MITRE ATT&CK Techniques | 13 | T1542.003
MITRE ATT&CK Techniques | 27 | T1134.002
MITRE ATT&CK Techniques | 63 | T1055.001
MITRE ATT&CK Techniques | 100 | T1564.001
MITRE ATT&CK Techniques | 326 | T1562.001
MITRE ATT&CK Techniques | 80 | T1562.004
MITRE ATT&CK Techniques | 323 | T1070.004
MITRE ATT&CK Techniques | 98 | T1070.006
MITRE ATT&CK Techniques | 192 | T1036.005
MITRE ATT&CK Techniques | 679 | T1027
MITRE ATT&CK Techniques | 17 | T1218.001
MITRE ATT&CK Techniques | 52 | T1110.003
MITRE ATT&CK Techniques | 133 | T1056.001
MITRE ATT&CK Techniques | 83 | T1010
MITRE ATT&CK Techniques | 629 | T1083
MITRE ATT&CK Techniques | 472 | T1057
MITRE ATT&CK Techniques | 520 | T1012
MITRE ATT&CK Techniques | 1062 | T1082
MITRE ATT&CK Techniques | 259 | T1016
MITRE ATT&CK Techniques | 92 | T1124
MITRE ATT&CK Techniques | 245 | T1033
MITRE ATT&CK Techniques | 176 | T1021.001
MITRE ATT&CK Techniques | 154 | T1021.002
MITRE ATT&CK Techniques | 166 | T1560
MITRE ATT&CK Techniques | 33 | T1560.002
MITRE ATT&CK Techniques | 13 | T1560.003
MITRE ATT&CK Techniques | 560 | T1005
MITRE ATT&CK Techniques | 54 | T1074.001
MITRE ATT&CK Techniques | 479 | T1071.001
MITRE ATT&CK Techniques | 109 | T1132.001
MITRE ATT&CK Techniques | 11 | T1001.003
MITRE ATT&CK Techniques | 137 | T1573.001
MITRE ATT&CK Techniques | 46 | T1008
MITRE ATT&CK Techniques | 523 | T1105
MITRE ATT&CK Techniques | 120 | T1571
MITRE ATT&CK Techniques | 38 | T1090.002
MITRE ATT&CK Techniques | 24 | T1048.003
MITRE ATT&CK Techniques | 457 | T1041
MITRE ATT&CK Techniques | 101 | T1485
MITRE ATT&CK Techniques | 32 | T1491.001
MITRE ATT&CK Techniques | 12 | T1561.001
MITRE ATT&CK Techniques | 17 | T1561.002
MITRE ATT&CK Techniques | 108 | T1496
MITRE ATT&CK Techniques | 209 | T1489
MITRE ATT&CK Techniques | 53 | T1529
Threat Actor Identifier - APT | 178 | APT38