{ "name": "APT Lazarus: Eager Crypto Beavers, Video calls and Games", "slug": "apt-lazarus-eager-crypto-beavers-video-calls-and-games", "description": "Group-ib explored the growing threats posed by the Lazarus Group's financially-driven campaign against developers. Group-ib examined their recent Python scripts, including the CivetQ and BeaverTail malware variants, along with their updated versions in Windows and Python releases. Additionally, they analyzed their tactics, techniques, and indicators of compromise.", "published": "2024-09-09T05:53:47+00:00", "created_at": "2024-09-09T05:53:47+00:00", "modified_at": "2024-09-09T06:25:58+00:00", "created_at_opencti": "2024-09-09T05:53:47+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-09-09", "apt", "beavertail", "civetq", "lazarus" ], "related_entities": { "observables": [ { "id": "", "name": "95.164.17.24" }, { "id": "", "name": "45.61.160.14" }, { "id": "", "name": "45.140.147.208" }, { "id": "", "name": "23.106.253.194" }, { "id": "", "name": "185.235.241.208" }, { "id": "", "name": "172.86.98.240" }, { "id": "", "name": "172.86.98.143" }, { "id": "", "name": "172.86.97.80" }, { "id": "", "name": "172.86.123.35" }, { "id": "", "name": "167.88.36.13" }, { "id": "", "name": "167.88.168.24" }, { "id": "", "name": "167.88.168.152" }, { "id": "", "name": "147.124.214.129" }, { "id": "", "name": "147.124.213.11" }, { "id": "", "name": "147.124.213.29" }, { "id": "", "name": "147.124.212.89" }, { "id": "", "name": "147.124.212.146" }, { "id": "", "name": "144.172.79.23" }, { "id": "", "name": "144.172.74.48" }, { "id": "", "name": "91.92.120.135" }, { "id": "", "name": "67.203.7.245" }, { "id": "", "name": "45.61.169.187" }, { "id": "", "name": "45.61.131.218" }, { "id": "", "name": "147.124.214.237" }, { "id": "", "name": "77.37.37.81" }, { "id": "", "name": "67.203.7.171" }, { "id": "", "name": "173.211.106.101" }, { "id": "", "name": "147.124.214.131" }, { "id": "", "name": "http://regioncheck.net" }, { "id": "", "name": "http://mirotalk.net" }, { "id": "", "name": "http://ipcheck.cloud" }, { "id": "", "name": "http://freeconference.io" }, { "id": "", "name": "http://45.61.130.0" }, { "id": "", "name": "http://45.61.129.255" }, { "id": "", "name": "regioncheck.net" }, { "id": "", "name": "mirotalk.net" }, { "id": "", "name": "ipcheck.cloud" }, { "id": "", "name": "freeconference.io" }, { "id": "", "name": "blocktestingto.com" }, { "id": "", "name": "de6f9e9e2ce58a604fe22a9d42144191cfc90b4e0048dffcc69d696826ff7170" }, { "id": "", "name": "fd9e8fcc5bda88870b12b47cbb1cc8775ccff285f980c4a2b683463b26e36bf0" }, { "id": "", "name": "ddc4162a71f13cc39519c0f8917b960f3536c47be710bde010bb6e87afe16bc5" }, { "id": "", "name": "dcde59721b78e6797ee7f79c0e19c4a1c5a7806d20cbfa4a6ebb8efca189baf3" }, { "id": "", "name": "d8806fb404bf29e4a3941c912cbb48553ad5340e1b7195a94e6abf8d75b9102c" }, { "id": "", "name": "d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6" }, { "id": "", "name": "d502f822e6c52345227b64e3c326e2dbefdd8fc3f844df0821598f8d3732f763" }, { "id": "", "name": "d356a0668a0f7827d8041eaebdbc003a5b96fe0d82a353ab802dab31bdc5c323" }, { "id": "", "name": "ce572304131bd7c4fd34c3a919de403007c842d9c225d080b4ac31e7c8da606e" }, { "id": "", "name": "cd13a9c92210ada940a44769874dd6716f85c4e4e9d7323ec5789c7b253d937d" }, { "id": "", "name": "c373c4c2922f7ca49e2cf5670052d071b15649164ed32a321b7c6fb1a7f2ca6b" }, { "id": "", "name": "c19cdedf8f800d2eeccd5094d7d054dcc00a998356eeae822c14a25f0ce400f2" }, { "id": "", "name": "c0110cb21ae0e7fb5dec83ca90db9e250b47a394662810f230eb621b0728aa97" }, { "id": "", "name": "b8e69d6a766b9088d650e850a638d7ab7c9f59f4e24e2bc8eac41c380876b0d8" }, { "id": "", "name": "b653153a94c275f8f1156298c905b86943cb2a63c8b2211e65cf2a1a671c98d1" }, { "id": "", "name": "b378d389fd31c6cb65fc85ea960b609049c5f97266cafcbfc6d261fa09355cc0" }, { "id": "", "name": "a87b6664b718a9985267f9670e10339372419b320aa3d3da350f9f71dff35dd1" }, { "id": "", "name": "a6c9f8c06fdb15de26656e5e490990984634e2c1c05232d3260c29970f9dd6f3" }, { "id": "", "name": "9e3a9dbf10793a27361b3cef4d2c87dbd3662646f4470e5242074df4cb96c6b4" }, { "id": "", "name": "9abf6b93eafb797a3556bea1fe8a3b7311d2864d5a9a3687fce84bc1ec4a428c" }, { "id": "", "name": "9742da5b33866edb8b280fe10909f3f60bc5bf3a33e918d9889e4552f5ce25e3" }, { "id": "", "name": "9110515c2d5f6f48871f0631f411d55f2f0307286e6678952f5d86abe5ce11a9" }, { "id": "", "name": "887594f18cdbbae4ceef62572e813810b75c8edfb3c4971097d8f8a74f9f103c" }, { "id": "", "name": "7f13ca9848086e3de9be971ea8d44ea97ec289c4565ce35b0049c8b534fccbef" }, { "id": "", "name": "7e378c2f0a92c355473b2e2d25d6df9d075ccf89048f7ab10dd4d30c2243a6b1" }, { "id": "", "name": "7180f5a1c2554b77b4c21a727cca65cc0f9f023f6cac05b295d7172dad07023f" }, { "id": "", "name": "64b1aca7b36e662132ae60c2d2df6ea5872239d2b2632d88fdf1b1f383e0d446" }, { "id": "", "name": "47e876110f5e478a739ca3ad034707c1011c89d3a73a1047d0bfa5359a9cfe4b" }, { "id": "", "name": "36cac29ff3c503c2123514ea903836d5ad81067508a8e16f7947e3e675a08670" }, { "id": "", "name": "306adab1769c48e09e5a637c82b6b32cd57e4895cc727860f02b558f406e7f34" }, { "id": "", "name": "301678669e05064d13f1912caae530f0b23f5c83a98352e4b0b53a19128a40cf" }, { "id": "", "name": "2f86acdfdf19c1719189fb121cc9391453d83989aa5c07d4144c9fb6585610cc" }, { "id": "", "name": "2ed5e202190df967c06750ba11aa8486c309e21875594a68f3dff3abb01f569d" }, { "id": "", "name": "2a8c90885a8bea74cfe918f3ac6b939990e5ff25434a8c70f7a67d42e03936bd" }, { "id": "", "name": "24b89c77eaeebd4b02c8e8ab6ad3bd7abaa18893ecd469a6a04eda5e374dd305" }, { "id": "", "name": "23b2df9ae70e592c6d82ee1aa1edd00aee982fc2df859f813224a0c908106789" }, { "id": "", "name": "1be03204709c037378ae96197700148303875a99b8f14838bdabfaceed5693e4" }, { "id": "", "name": "1e5d3ee4c0eb6d67f6bc812cf492c53683962252ddb6ac5285ed251ab4a48ddc" }, { "id": "", "name": "14e52430f1d1fa390973294d50849ee500061758721c8e28424871812d237132" }, { "id": "", "name": "0f5f0a3ac843df675168f82021c24180ea22f764f87f82f9f77fe8f0ba0b7132" }, { "id": "", "name": "06384aedc3614ee73cc7319e30975fca00d43981b626ba5f2b993a254e20d818" }, { "id": "", "name": "0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd" }, { "id": "", "name": "0620a7fa8c6e416d96fe3d3baf4cd925b1a72ce1db8d3eacfb1e10c5fe434962" }, { "id": "", "name": "01b7306554f6e6bac63f5524588ff5c880b5afb4394074d1c132ecc554c72c83" }, { "id": "", "name": "0049e2f4f746aa0ec1713cb83dbf8e30d535c01e7b7f10133ae14da0c6a68d69" }, { "id": "", "name": "000b4a77b1905cabdb59d2b576f6da1b2ef55a0258004e4a9e290e9f41fb6923" } ], "malware": [ { "id": "legacy:malware:7628929a5ac2ded5", "name": "CivetQ", "slug": "civetq" }, { "id": "legacy:malware:ce7dee528bdb0d1e", "name": "BeaverTail", "slug": "beavertail" } ], "intrusion_sets": [ { "id": "f84d0d4c-ec28-4155-b729-8e2c337a0d90", "name": "Lazarus Group", "slug": "lazarus-group" } ], "attack_patterns": [ { "id": "535a45a7-819f-46fa-947a-c9eabd27c419", "name": "T1555.005" }, { "id": "759720f6-8f0f-4017-ab21-7ac30d0bf46f", "name": "T1555.001" }, { "id": "ef72da1d-2eaa-4d94-8913-06978609cfb4", "name": "T1608.001" }, { "id": "7671fe3e-6a85-463e-928d-16117d2f4f9b", "name": "T1059.006" }, { "id": "b7ba0db0-7d4f-436f-8d5f-c431d690b048", "name": "T1555.003" }, { "id": "f4a450ef-8297-42e5-9e47-01162138baa2", "name": "T1115" }, { "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee", "name": "T1571" }, { "id": "5999052b-e9ae-49e8-9235-d9bf975c22af", "name": "T1547.001" }, { "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2", "name": "T1059.007" }, { "id": "667462db-9031-48eb-893a-05d35f9330a7", "name": "T1056.001" }, { "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f", "name": "T1071.001" }, { "id": "880d45b0-e336-4f1a-8893-2796195f5500", "name": "T1543.001" }, { "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6", "name": "T1204.002" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" }, { "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571", "name": "T1105" }, { "id": "af9ed2e3-4663-4723-beab-c606ddc312e0", "name": "T1543" }, { "id": "81ee4813-4f68-4984-bec1-980d7c5b56eb", "name": "T1132" }, { "id": "5b7c66d1-0466-4ba7-af6f-eb82c2f9d05b", "name": "T1033" }, { "id": "31d29704-da1c-47ea-b93f-76d368813bdf", "name": "T1560" }, { "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d", "name": "T1566" } ] }, "external_refs": [ "https://www.group-ib.com/blog/apt-lazarus-python-scripts/", "https://otx.alienvault.com/pulse/66dea98c7a5546e0f0c0b47a" ] }