Lazarus
Lazarus Group DPRK NK APT. Hidden Cobra. WannaCry 2017. SWIFT banker. livedrivefiles.com Drive imitation C2.
Threat Profile
Type: Backdoor
Programming Language: C/C++
C2 Protocol: HTTPS+P2P
First Seen: 2009
Targets
Global Finance/Crypto/Government
Purpose / Capabilities
- APT+Espionage+Financial
C2 Servers 2
1 Active
| Address | Port | Protocol | Status | Action |
|---|---|---|---|---|
| odata.me | 443 | HTTPS | Active | |
| livedrivefiles.com | 443 | HTTPS | INACTIVE | |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
Lazarus Group -- livedrivefiles.com Drive Imitation C2, odata.me, NtCreateUserProcess | Critical APT
Lazarus DPRK APT 553KB. livedrivefiles.com Google Drive imitation C2 exfil. odata.me. NtQueryInformationProcess NT API anti-debug.