ioc[.]one - OSINT Cyber Threat Intelligence Database

Lazarus’ MacOS Dacls RAT Shows Multi-Platform Ability

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Direct Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	e6f0255f-8b8e-4877-aef6-02668afc3759
Fingerprint	f43c9d1a84382f81
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 11, 2020, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Oct. 15, 2024, 5:33 p.m.
Headline	Lazarus’ MacOS Dacls RAT Shows Multi-Platform Ability
Title	Lazarus’ MacOS Dacls RAT Shows Multi-Platform Ability
Detected Hints/Tags/Attributes	62/2/19

Source URLs

	Redirection	Url
Details	Source	https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability
Details	Source	https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability/
Details	Source	https://www.trendmicro.com/en_ca/research/20/e/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com
Details	trendmicro.com	blog.trendmicro.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		thevagabondsatchel.com
Details	Domain	4		loneeaglerecords.com
Details	Domain	5		tinkaotp.app
Details	File	17		agent.pl
Details	File	1		applestore.db
Details	File	6		tinkaotp.dmg
Details	sha256	3		846d8647d27a0d729df40b13a644f3bffdc95f6d0e600f2195c85628d59f1dc6
Details	sha256	3		d3235a29d254d0b73ff8b5445c962cd3b841f487469d60a02819c0eb347111dd
Details	sha256	1		e5b842784cc3e9bc0376915d2d823c3e4e076d29b5fb98ea69ff9a56b0f4a54a
Details	sha256	3		216a83e54cac48a75b7e071d0262d98739c840fd8cd6d0b48a9c166b69acd57d
Details	sha256	1		7e8a086319a218732dde5a749afdd9813d3047eaeef511e0374ca64fd8d0d033
Details	sha256	4		899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53
Details	sha256	1		fea0bd961d8d72642a3e1cb92b6ac084a9680eaef816ad414e282f6ea87d52c6
Details	sha256	1		7b8792025aacff5dacb3a9121ec2f5bfa33d5932d1f43b9ad0d518c55c6e1298
Details	sha256	1		90fbc26c65e4aa285a3f7ee6ff8a3a4318a8961ebca71d47f51ef0b4b7829fd0
Details	IPv4	2		50.87.144.227
Details	IPv4	7		67.43.239.146
Details	IPv4	6		185.62.58.207
Details	Url	4		https://loneeaglerecords.com/wp-content/uploads/2020/01/images.tgz.001