APT-C-26 (Lazarus)
· Published 21/12/2025 00:49 · Modified 21/12/2025 00:49
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 00:49
- Modified: 21/12/2025 00:49
- Updated at: 21/12/2025 00:49
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 4 reports, 43 attack patterns (MITRE), 4 malware, 5 sectors, 38 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (4), each shown by its linked-entity counts and dates:
- 1 APT · Published 21/11/2025 22:11 · Modified 21/11/2025 22:36
- 13 MITREs, 1 APT · Published 22/01/2025 09:10 · Modified 22/01/2025 09:46
- 11 MITREs, 3 Malwares, 3 Observables, 1 APT · Published 02/01/2025 15:25 · Modified 02/01/2025 15:31
- 10 MITREs, 1 Malware, 28 Observables, 1 APT · Published 08/07/2024 10:50 · Modified 08/07/2024 10:56
Attack patterns (MITRE) (43), each linked by a "uses" relationship; names are the ATT&CK names for the listed IDs:
- T1102.002 Bidirectional Communication
- T1132.001 Standard Encoding
- T1562 Impair Defenses
- T1559 Inter-Process Communication
- T1566 Phishing
- T1571 Non-Standard Port
- T1105 Ingress Tool Transfer
- T1036 Masquerading
- T1070 Indicator Removal
- T1197 BITS Jobs
- T1134 Access Token Manipulation
- T1064 Scripting (deprecated in ATT&CK; superseded by the T1059 sub-techniques)
- T1573 Encrypted Channel
- T1082 System Information Discovery
- T1547 Boot or Logon Autostart Execution
- T1057 Process Discovery
- T1093 Process Hollowing (deprecated in ATT&CK; now T1055.012)
- T1112 Modify Registry
- T1021 Remote Services
- T1113 Screen Capture
- T1041 Exfiltration Over C2 Channel
- T1132 Data Encoding
- T1140 Deobfuscate/Decode Files or Information
- T1078 Valid Accounts
- T1027 Obfuscated Files or Information
- T1553 Subvert Trust Controls
- T1497 Virtualization/Sandbox Evasion
- T1115 Clipboard Data
- T1204.002 Malicious File
- T1055 Process Injection
- T1095 Non-Application Layer Protocol
- T1056 Input Capture
- T1099 Timestomp (deprecated in ATT&CK; now T1070.006)
- T1090 Proxy
- T1204 User Execution
- T1005 Data from Local System
- T1568 Dynamic Resolution
- T1059 Command and Scripting Interpreter
- T1001 Data Obfuscation
- T1195 Supply Chain Compromise
- T1071 Application Layer Protocol
- TA0011 Command and Control (a tactic, not a technique)
- T1573.001 Symmetric Cryptography
Malware (4), each linked by a "uses" relationship:
- Loader1.dll (family) · Published 02/01/2025 15:25 · Modified 02/01/2025 15:25
- Dll64.dll (family) · Published 02/01/2025 15:25 · Modified 02/01/2025 15:25
- ATT_Loader_DLL.dll (family) · Published 02/01/2025 15:25 · Modified 02/01/2025 15:25
- Comebacker (family) · Published 10/11/2025 11:12 · Modified 10/11/2025 11:12
Sectors (5), each linked by a "targets" relationship:
- Defense
- Government
- Finance
- Technology
- Aerospace
Indicators (38), each linked by an "indicates" relationship, grouped by type:
URLs (3)
- http://91.206.178.125:80
- http://91.206.178.125/upload/upload.asp
- https://cryptocedia.com/upgrade/latest.asp
Domains (9)
- jdkgradle.com
- www.rowdensurname.org
- cryptocedia.com
- pypi.online
- angeldonationblog.com
- chaingrown.com
- fasttet.com
- arcashop.org
- blockchain-newtech.com
SHA-256 file hashes (26)
- 24b89c77eaeebd4b02c8e8ab6ad3bd7abaa18893ecd469a6a04eda5e374dd305
- 1a9cea5e43cfe6377b20f09becf8547deba702718d1ee220ef677f53f30e820d
- 01c5836655c6a4212676c78ec96c0ac6b778a411e61a2da1f545eba8f784e980
- 973f7939ea03fd2c9663dafc21bb968f56ed1b9a56b0284acf73c3ee141c053c
- c56c94e21913b2df4be293001da84c3bb20badf823ccf5b6a396f5f49df5efff
- 173e6bc33efc7a03da06bf5f8686a89bbed54b6fc8a4263035b7950ed3886179
- 69074ed2c9c0e89d30217ef872e0ee96c34e7bbbd5aaf3380d9ce5acb45c1041
- 378e21bdaf18fe92b3f8ad9bef04dadd57a4271a4a5d4e00c9d73174695a07a2
- 3ab6e6fc888e4df602eff1c5bc24f3e976215d1e4a58f963834e5b225a3821f5
- 33be1a646e5ed46aa707455637e2116715592d1ef63feafb0fd2f66c872a634d
- 70c5b64589277ace59db86d19d846a9236214b48aacabbaf880f2b6355ab5260
- 17d3593519f6a016879093bfb7cc63070646951191e28c1dfad52942099f59cc
- 31cc9820037fe45e0f27ea594b9f4c85ce4eaa9b95ae2a802cf7753e142afe85
- a5caf7e9afc5c034c72f50c831822ee54a307a04fef2d75a21094ef28ff1b306
- 2c8f00824ca2b4ddb4e2e910ee042ba46a570984d1bc094f0014655d883b8519
- b4c8c149005a43ae043038d4d62631dc1a0f57514c7cbf4f7726add7ec67981a
- 36cac29ff3c503c2123514ea903836d5ad81067508a8e16f7947e3e675a08670
- e9d478dca6ce1b642abfdb94af21f0d567594479a14d3780e148400649591fcf
- 6bba8f488c23a0e0f753ac21cd83ddeac5c4d14b70d4426d7cdeebdf813a1094
- b8e69d6a766b9088d650e850a638d7ab7c9f59f4e24e2bc8eac41c380876b0d8
- 8fb6d8a5013bd3a36c605031e86fd1f6bb7c3fdba722e58ee2f4769a820b86b0
- 60c080a29f58cf861f5e7c7fc5e5bddc7e63dd1db0badc06729d91f65957e9ce
- 26437bc68133c2ca09bb56bc011dd1b713f8ee40a2acc2488b102dd037641c6e
- 956d2ed558e3c6e447e3d4424d6b14e81f74b63762238e84069f9a7610aa2531
- 000b4a77b1905cabdb59d2b576f6da1b2ef55a0258004e4a9e290e9f41fb6923
- b4a04b450bb7cae5ea578e79ae9d0f203711c18c3f3a6de9900d2bdfaa4e7f67
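The indicator list above is only useful once each value is typed and turned into something a proxy, DNS or EDR query can consume. The following Python is an added example, not code from AlienVault or from this page: it classifies indicators into STIX 2.1 object paths, emits a STIX comparison expression per indicator, derives the set of hosts to hunt for (including the hostname of each URL indicator, which is the only place 91.206.178.125 appears on this page), and runs a bounded host match plus a hash match over a few log records. The indicator values are a representative subset copied from the list above; the log lines, user name and file path are constructed for illustration.

```python
"""Type the indicators listed for APT-C-26 (Lazarus) and match them against
log records. Added example, not code from AlienVault or this page."""
import re
from collections import Counter
from urllib.parse import urlparse

# A representative subset of the indicator values listed on this page.
INDICATORS = [
    "24b89c77eaeebd4b02c8e8ab6ad3bd7abaa18893ecd469a6a04eda5e374dd305",
    "b4a04b450bb7cae5ea578e79ae9d0f203711c18c3f3a6de9900d2bdfaa4e7f67",
    "http://91.206.178.125:80",
    "http://91.206.178.125/upload/upload.asp",
    "https://cryptocedia.com/upgrade/latest.asp",
    "jdkgradle.com",
    "www.rowdensurname.org",
    "cryptocedia.com",
    "pypi.online",
    "angeldonationblog.com",
    "chaingrown.com",
    "fasttet.com",
    "arcashop.org",
    "blockchain-newtech.com",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.I)
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)


def classify(value):
    """Map one indicator string to a STIX 2.1 object path. Order matters:
    a 64-hex hash is tested before anything that could look like a host."""
    if SHA256_RE.match(value):
        return "file:hashes.'SHA-256'"
    if value.lower().startswith(("http://", "https://")):
        return "url:value"
    if IPV4_RE.match(value):
        return "ipv4-addr:value"
    if DOMAIN_RE.match(value):
        return "domain-name:value"
    raise ValueError(f"unrecognised indicator: {value!r}")


def to_stix_pattern(value):
    """STIX 2.1 comparison expression for the indicator."""
    return f"[{classify(value)} = '{value}']"


def summarize(indicators):
    """Number of indicators per observable type."""
    return Counter(classify(v) for v in indicators)


def derived_hosts(indicators):
    """Bare domains and IPs plus the hostname of every URL indicator.
    The C2 IP 91.206.178.125 only occurs inside URLs on this page, so
    without this step a proxy or DNS log would never match it."""
    hosts = set()
    for v in indicators:
        kind = classify(v)
        if kind == "url:value":
            hosts.add(urlparse(v).hostname.lower())
        elif kind in ("domain-name:value", "ipv4-addr:value"):
            hosts.add(v.lower())
    return hosts


def match_logs(lines, indicators):
    """Return (line_number, matched_indicator) pairs. Hosts are matched with
    boundaries so that notcryptocedia.com does not hit cryptocedia.com;
    hashes are matched as plain lowercase substrings."""
    hosts = derived_hosts(indicators)
    hashes = {v.lower() for v in indicators
              if classify(v) == "file:hashes.'SHA-256'"}
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for h in sorted(hosts):
            if re.search(r"(?<![\w.-])" + re.escape(h) + r"(?![\w-])", low):
                hits.append((n, h))
        for h in hashes:
            if h in low:
                hits.append((n, h))
    return hits


# Constructed sample records for illustration, not from any real incident.
SAMPLE_LOGS = [
    "2025-12-20T10:01:02Z proxy CONNECT www.rowdensurname.org:443 user=jdoe",
    "2025-12-20T10:01:05Z proxy GET http://91.206.178.125/upload/upload.asp 200",
    "2025-12-20T10:02:11Z edr file_create sha256=24b89c77eaeebd4b02c8e8ab6ad3bd7abaa18893ecd469a6a04eda5e374dd305 path=C:\\Users\\Public\\Loader1.dll",
    "2025-12-20T10:03:00Z dns query notcryptocedia.com type=A",
    "2025-12-20T10:03:30Z dns query pypi.org type=A",
]

if __name__ == "__main__":
    for v in INDICATORS:
        print(to_stix_pattern(v))
    print(dict(summarize(INDICATORS)))
    for n, hit in match_logs(SAMPLE_LOGS, INDICATORS):
        print(f"line {n}: {hit}")
```

Run against the constructed records, lines 1 to 3 match (a listed domain, the C2 IP taken from a URL indicator, and a listed hash); lines 4 and 5 do not, which is the point of the boundary check in the host matcher and of matching exact domains rather than substrings. Matching on hostnames rather than full URLs deliberately widens coverage to other paths on the same C2 host; tighten to full-URL matching where that produces too much noise.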