In the past few years, Fox-IT and NCC Group have conducted multiple incident response cases involving a Lazarus subgroup that specifically targets organizations in the financial and cryptocurrency sector. This Lazarus subgroup overlaps with activity linked to AppleJeus, Citrine Sleet, UNC4736, and Gleaming Pisces. The actor uses several remote access trojans (RATs) in its operations, known as PondRAT, ThemeForestRAT and RemotePE. In this article, we analyse and discuss these three.
Indicators of Compromise (60)