Thief in the Dark: Lazarus Uses Dtrack RAT Tool to Steal Massive Medical Data
Date: 2020-12-18
Ⅰ.Summary
Lazarus is a large North Korea-based APT group with worldwide attack activity. The group frequently targets financial institutions and research centers, and is regarded as the top threat to global financial institutions because its operations range from financially motivated theft to pure espionage. In 2013 the group used the Dtrack RAT in the attack known as “DarkSeoul” against South Korean media, financial and other institutions. Two years later, in 2015, Lazarus used a similar tool against a European transport department. Dtrack is only one of the weapons in Lazarus’ arsenal: the malware has been active since 2013 and was most recently used in the attack on India’s Kudankulam nuclear power plant. The ThreatBook Intelligence Research and Response Team recently detected new Lazarus APT activity using the Dtrack RAT through its threat hunting system. The attacker stole a large amount of medical …
IoC
http://46.14.68.202/editor/common.php
46.14.68.202
145.232.235.222
f5b338d6bca36d47ee04d93d08c57861
36.99.136.129
68.183.78.131
http://145.232.235.222/usr/users/common.php
http://www.bwaprzemysl.pl/formularz/form_zgloszenie_uk.php
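To turn the IoC list above into a check a defender can actually run, the following script (added here as an example; it is not part of the original article or ThreatBook's tooling) loads the page's URLs, IPs and the one MD5 hash, then matches them against proxy access-log lines and against file contents. The log layout is assumed to be Squid's native access.log format, the sample lines are constructed for the example, and the helper names (`scan_proxy_log`, `classify_url`, `is_known_sample`) are the example's own. A full-URL hit is reported separately from a host-only hit, because a named domain in the list may be a compromised legitimate site and a bare IP may have been reassigned, so a host-level match should be confirmed before acting on it.

```python
"""Match proxy-log entries and file hashes against the Dtrack IoCs listed on this page.

Added example, not the article's own code. Log format, sample lines and helper
names are assumptions of this example.
"""
import hashlib
import re
from urllib.parse import urlparse

# IoCs copied from the page's IoC list.
IOC_URLS = {
    "http://46.14.68.202/editor/common.php",
    "http://145.232.235.222/usr/users/common.php",
    "http://www.bwaprzemysl.pl/formularz/form_zgloszenie_uk.php",
}
IOC_IPS = {"46.14.68.202", "145.232.235.222", "36.99.136.129", "68.183.78.131"}
IOC_MD5 = {"f5b338d6bca36d47ee04d93d08c57861"}  # 32 hex chars, so MD5

# Hosts derived from the URL IoCs (www.bwaprzemysl.pl) plus the bare IP IoCs.
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS} | IOC_IPS

# Squid native access.log layout (assumed here):
# time elapsed client code/status bytes method URL rfc931 peerstatus/peerhost type
SQUID_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<status>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def _normalize(url):
    """Canonical scheme://host/path form so that case in scheme/host does not matter."""
    p = urlparse(url)
    return f"{p.scheme.lower()}://{(p.hostname or '').lower()}{p.path}"


IOC_URLS_NORM = {_normalize(u) for u in IOC_URLS}


def _host_of(url):
    """Extract the host from a full URL or from a CONNECT-style host:port target."""
    if "://" in url:
        return (urlparse(url).hostname or "").lower()
    return url.rsplit(":", 1)[0].lower()


def classify_url(url):
    """Return 'url' for an exact IoC URL, 'host' for a C2 host/IP only, else None."""
    if "://" in url and _normalize(url) in IOC_URLS_NORM:
        return "url"
    if _host_of(url) in IOC_HOSTS:
        return "host"
    return None


def scan_proxy_log(lines):
    """Return (client, method, url, kind) for every parsable line that hits an IoC."""
    hits = []
    for line in lines:
        m = SQUID_LINE.match(line)
        if not m:
            continue  # not an access-log record; skip rather than fail
        kind = classify_url(m["url"])
        if kind:
            hits.append((m["client"], m["method"], m["url"], kind))
    return hits


def md5_hex(data):
    """MD5 of a byte string, lower-case hex, for comparison with the published hash."""
    return hashlib.md5(data).hexdigest()


def is_known_sample(data):
    """True if the bytes hash to the MD5 published on the page."""
    return md5_hex(data) in IOC_MD5


# Constructed sample access-log lines for the example (not from the page).
SAMPLE_ACCESS_LOG = [
    "1608249600.001    120 10.0.0.15 TCP_MISS/200 512 POST http://46.14.68.202/editor/common.php - HIER_DIRECT/46.14.68.202 text/html",
    "1608249601.002     90 10.0.0.15 TCP_MISS/200 412 GET http://www.bwaprzemysl.pl/formularz/form_zgloszenie_uk.php - HIER_DIRECT/203.0.113.5 text/html",
    "1608249602.003     50 10.0.0.22 TCP_MISS/200 1024 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1608249603.004     60 10.0.0.31 TCP_MISS/200 300 GET http://145.232.235.222/other/path.php - HIER_DIRECT/145.232.235.222 text/html",
    "1608249604.005     40 10.0.0.31 TCP_TUNNEL/200 200 CONNECT 68.183.78.131:443 - HIER_DIRECT/68.183.78.131 -",
]

if __name__ == "__main__":
    for client, method, url, kind in scan_proxy_log(SAMPLE_ACCESS_LOG):
        print(f"{kind:4s} {client:12s} {method:7s} {url}")
```

Run against a real access.log by replacing `SAMPLE_ACCESS_LOG` with the file's lines; a `url` hit on one of the three `common.php`/`form_zgloszenie_uk.php` paths is the strongest signal, while a `host` hit on a bare IP or on www.bwaprzemysl.pl warrants confirmation of the full request path before escalation. For the hash check, feed the file bytes to `is_known_sample`; since only an MD5 is published, treat a match as confirmation of that exact sample and not as proof that a non-matching file is clean.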