Lazarus

Lazarus Group DPRK NK APT. Hidden Cobra. WannaCry 2017. SWIFT banker. livedrivefiles.com Drive imitation C2.

Threat Profile
Type: Backdoor
Programming Language: C/C++
C2 Protocol: HTTPS+P2P
First Seen: 2009
Targets: Global Finance/Crypto/Government
Purpose / Capabilities
  • APT+Espionage+Financial

C2 Servers (2), 1 Active

Address             Port  Protocol  Status
odata.me            443   HTTPS     Active
livedrivefiles.com  443   HTTPS     INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

Critical

Lazarus Group -- livedrivefiles.com Drive Imitation C2, odata.me, NtCreateUserProcess | Critical APT

Lazarus DPRK APT 553KB. livedrivefiles.com Google Drive imitation C2 exfil. odata.me. NtQueryInformationProcess NT API anti-debug.
