APT Lazarus: Eager Crypto Beavers, Video calls and Games

Sept. 9, 2024, 8:25 a.m.

Description

Group-IB explored the growing threat posed by the Lazarus Group's financially driven campaign against developers. Group-IB examined the group's recent Python scripts, including the CivetQ and BeaverTail malware variants, along with their updated Windows and Python releases. Additionally, they analyzed the group's tactics, techniques, and indicators of compromise.

Date

Published: Sept. 9, 2024, 7:53 a.m.
Created: Sept. 9, 2024, 7:53 a.m.
Modified: Sept. 9, 2024, 8:25 a.m.

Indicators


Attack Patterns

CivetQ

BeaverTail

Lazarus Group

T1555.005

T1555.001

T1608.001

T1059.006

T1555.003

T1115

T1571

T1547.001

T1059.007

T1056.001

T1071.001

T1543.001

T1204.002

T1082

T1105

T1543

T1132

T1033

T1560

T1566