PULSE NAME
Lazarus APT updates its toolset in watering hole attacks | Securelist
WHITE Lazarus CyberHunter_NL 2025-04-28 Modified: 2025-05-28
26 IOCs
MEDIUM VOLUME
Security firm Kaspersky says it has identified the malicious tools used by the Russian cyber-attack group, Lazarus, in a series of attacks targeting South Korean companies and government institutions over the past year.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
SIGNBT, wAgent, COPPERHEDGE, ThreatNeedle, Agamemnon
Indicators of Compromise (26)
TYPE    INDICATOR        DESCRIPTION    CREATED
CVE     CVE-2019-0797                   2025-04-28
CVE     CVE-2019-0859                   2025-04-28