APT Lazarus: Eager Crypto Beavers, Video calls and Games
Sept. 9, 2024, 8:25 a.m.
Tags
External References
Description
Group-IB explored the growing threat posed by the Lazarus Group's financially driven campaign against developers. Group-IB examined the group's recent Python scripts, including the CivetQ and BeaverTail malware variants, together with their updated Windows and Python releases, and analyzed the associated tactics, techniques, and indicators of compromise.
Date
Published: Sept. 9, 2024, 7:53 a.m.
Created: Sept. 9, 2024, 7:53 a.m.
Modified: Sept. 9, 2024, 8:25 a.m.
Indicators
.164.17.24
45.61.160.14
45.140.147.208
23.106.253.194
185.235.241.208
172.86.98.240
172.86.98.143
172.86.97.80
172.86.123.35
167.88.36.13
167.88.168.24
167.88.168.152
147.124.214.129
147.124.213.11
147.124.213.29
147.124.212.89
147.124.212.146
144.172.79.23
144.172.74.48
91.92.120.135
67.203.7.245
45.61.169.187
45.61.131.218
147.124.214.237
77.37.37.81
67.203.7.171
173.211.106.101
147.124.214.131
http://regioncheck.net
http://mirotalk.net
http://ipcheck.cloud
http://freeconference.io
http://45.61.130.0
http://45.61.129.255
regioncheck.net
mirotalk.net
ipcheck.cloud
freeconference.io
blocktestingto.com
Attack Patterns
CivetQ
BeaverTail
Lazarus Group
T1555.005
T1555.001
T1608.001
T1059.006
T1555.003
T1115
T1571
T1547.001
T1059.007
T1056.001
T1071.001
T1543.001
T1204.002
T1082
T1105
T1543
T1132
T1033
T1560
T1566