lazarusholic


DarkRiver

2023-09-27, Ptsecurity
Dark River. You can't see them, but they're there
"Some information about the characteristics of the MataDoor backdoor was published by Kaspersky in the 'Southeast Asia and Korean Peninsula' section of the APT Trends Report Q2 2023. In that report, this backdoor, named MATAv5, was associated with the Lazarus group’s activity. In our investigation of the network infrastructure used, we were unable to definitively identify the author of this tool. So we assigned the name Dark River to the group that initiated the attack, based on the name River mentioned in the Author field of some of the phishing documents mentioned above."

- Ptsecurity, https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/dark-river-you-can-t-see-them-but-they-re-there/

Also known as

 
| Name | Named by | AKA | First seen | Last seen |
|---|---|---|---|---|
| DarkRiver | Ptsecurity | JadeSleet | 2023-09-27 | 2023-09-27 |
| JadeSleet | Microsoft | TraderTraitor | 2023-07-18 | 2024-10-15 |
| SlowPisces | PaloaltoNetworks | JadeSleet | 2024-06-28 | 2024-09-09 |

Reports