APT Lazarus: Eager Crypto Beavers, Video calls and Games
· Published 09/09/2024 07:53 · Modified 09/09/2024 08:25
Essential information
- Tags: 2024-09-09, apt, beavertail, civetq, lazarus
- Related entities: 85 observables, 1 intrusion set (APT), 20 MITRE techniques, 2 malware families
Description
Group-IB explored the growing threat posed by the Lazarus Group's financially driven campaign against developers. Group-IB examined the group's recent Python scripts, including the CivetQ and BeaverTail malware variants and their updated Windows and Python releases, and analyzed the associated tactics, techniques, and indicators of compromise.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Observables (85)
- 95.164.17.24
- 45.61.160.14
- 45.140.147.208
- 23.106.253.194
- 185.235.241.208
- 172.86.98.240
- 172.86.98.143
- 172.86.97.80
- 172.86.123.35
- 167.88.36.13
- 167.88.168.24
- 167.88.168.152
- 147.124.214.129
- 147.124.213.11
- 147.124.213.29
- 147.124.212.89
- 147.124.212.146
- 144.172.79.23
- 144.172.74.48
- 91.92.120.135
- 67.203.7.245
- 45.61.169.187
- 45.61.131.218
- 147.124.214.237
- 77.37.37.81
- 67.203.7.171
- 173.211.106.101
- 147.124.214.131
- http://regioncheck.net
- http://mirotalk.net
- http://ipcheck.cloud
- http://freeconference.io
- http://45.61.130.0
- http://45.61.129.255
- regioncheck.net
- mirotalk.net
- ipcheck.cloud
- freeconference.io
- blocktestingto.
…
Intrusion sets (APT) (1)
- Lazarus Group (source: The MITRE Corporation, confidence 100)
  [Lazarus Group](https://attack.mitre.org/groups/G0032) is a North Korean state-sponsored cyber threat group attributed to the Reconnaissance General Bureau (RGB). (Citation: US-CERT HIDDEN COBRA June 2017) (Citation: Treasury North Korean Cyber …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 16/12/2025 19:39 · Modified 27/03/2026 01:13
Techniques (MITRE) (20)
- Password Managers
- Keychain
- Upload Malware
- Python
- Credentials from Web Browsers
- Clipboard Data
- Non-Standard Port
- Registry Run Keys / Startup Folder
- JavaScript
- Keylogging
- Web Protocols
- Launch Agent
- Malicious File
- System Information Discovery
- Ingress Tool Transfer
- Create or Modify System Process
- Data Encoding
- System Owner/User Discovery
- Archive Collected Data
- Phishing
Malware (2)
- Family · Published 09/09/2024 07:53 · Modified 09/09/2024 07:53
- Family · Published 21/04/2026 12:09 · Modified 21/04/2026 12:09