2023-09-27
Ptsecurity
Dark River. You can't see them, but they're there
#MataDoor
#DarkRiver
#CVE-2021-40444
DarkRiver
"Some information about the characteristics of the MataDoor backdoor was published by Kaspersky in the 'Southeast Asia and Korean Peninsula' section of the APT Trends Report Q2 2023. In that report, this backdoor, named MATAv5, was associated with the Lazarus group’s activity. In our investigation of the network infrastructure used, we were unable to definitively identify the author of this tool. So we assigned the name Dark River to the group that initiated the attack, based on the name River mentioned in the Author field of some of the phishing documents mentioned above."
- Ptsecurity, https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/dark-river-you-can-t-see-them-but-they-re-there/
Also known as
Name | Named by | AKA | First seen | Last seen |
---|---|---|---|---|
DarkRiver | Ptsecurity | JadeSleet | 2023-09-27 | 2023-09-27 |
JadeSleet | Microsoft | TraderTraitor | 2023-07-18 | 2024-10-15 |
SlowPisces | PaloaltoNetworks | JadeSleet | 2024-06-28 | 2024-09-09 |