G0032 - Lazarus Group

Threat Intelligence Feed

Feed ID: 0sEwqIYBYAdeK0KLn8kD

Lazarus Group is a North Korean state-sponsored cyber threat group that has been attributed to the Reconnaissance General Bureau. The group has been active since at least 2009 and was reportedly responsible for the November 2014 destructive wiper attack against Sony Pictures Entertainment as part of a campaign named Operation Blockbuster by Novetta. Malware used by Lazarus Group correlates to other reported campaigns, including Operation Flame, Operation 1Mission, Operation Troy, DarkSeoul, and Ten Days of Rain.


Select the way you want to use this feed:


Download Feed

Download this Threat Intelligence feed directly or through code:

  • Several different formats (Simple IoC lists or full context JSON)
  • Code snippets available on how to download it in different programming languages.


    • Integrate Feed

    Automate your Security Operations by integrating this feed data real time into your Security Stack:

  • Onboard Maltiverse Feeds on security devices (SIEM, SOAR, Firewalls, etc)
  • Create your own feed and deploy new IoCs insantly across you security devices.


    • Feed composition

    Feed composition by type

    IP Address Hostname URL Sample Total

    Feed ingestion over time ()

    Feed composition by type

    results found for: “classification:malicious AND blacklist.external_references.external_id:"G0032"”