Dtrack

Malware Profile Updated 24 days ago
DTrack is a backdoor and information-stealing tool attributed to the North Korean Lazarus group. Kaspersky first described it publicly in 2019 as a previously unknown spy tool used against financial institutions and research centers. Once on a host it collects data for the operators (it has been documented logging keystrokes, harvesting browser history and enumerating hosts, processes and files) and gives them a foothold for follow-on activity. It is not ransomware and not a banking Trojan, although it has been deployed alongside ransomware. Initial access in the campaigns referenced on this page came through phishing documents (a weaponized MS Word document in one Andariel campaign) and through exploitation of internet-facing services, notably the Log4j vulnerability.

In mid-2022, Andariel, a subgroup of Lazarus, deployed DTrack together with the Maui ransomware against organizations in several countries, using custom-built tools. Over the same period the Lazarus group introduced new malware families such as YamaBot and MagicRAT alongside updated versions of NukeSped and DTrack.

In the Log4j intrusions analysed by Kaspersky, the malware downloaded immediately after exploitation often went undetected, but the exploitation was typically followed by download of the DTrack backdoor. From there the group maintained access to compromised systems with custom implants including MagicRAT, VSingle, DTrack and YamaBot. More recently, Kaspersky researchers observed Lazarus using a new malware family, EarlyRat, in conjunction with DTrack and Maui ransomware, again with the Log4j flaw used for initial access. Despite the arrival of newer families like YamaBot, MagicRAT and EarlyRat, DTrack remains a core part of the group's arsenal.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
Exploit
APT
Ransomware
Trojan
Log4j
Associated Threat Actors
Lazarus Group (relationship type: unspecified; 3 votes)
The Lazarus Group, a notorious threat actor associated with North Korea, has been implicated in a series of sophisticated cyber-attacks and illegal activities. The group is known for its exploitation activities aimed at establishing kernel read/write primitives. A notable attack orchestrated by the
Source Document References
Information about the Dtrack malware was read from the documents in the corpus below (display limited to 20 results).
Source (created): Title
MITRE (a year ago): Hello! My name is Dtrack
MITRE (a year ago): DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers
CERT-EU (a year ago): APT trends report Q1 2023
CERT-EU (a year ago): North Korean hackers stole research data in two-month-long breach
CERT-EU (a year ago): North Korean hackers exploited a Zimbra mail server vulnerability in their "No Pineapple" malicious campaign
CERT-EU (a year ago): APT trends report Q1 2023 - GIXtools
CERT-EU (a year ago): Andariel APT Hackers Drop a New Malware On Windows Via Weaponized MS Word Doc
CERT-EU (a year ago): Kaspersky crimeware report: Andariel's mistakes and EasyRat malware
InfoSecurity-magazine (a year ago): Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
InfoSecurity-magazine (a year ago): Lazarus Group Attack Identified After Operational Security Fail
CERT-EU (9 months ago): IT threat evolution Q2 2023
CERT-EU (a year ago): Andariel's silly mistakes and a new malware family - GIXtools
CERT-EU (a year ago): Log4j bug exploited to push novel EarlyRat malware
CERT-EU (9 months ago): IT threat evolution in Q2 2023 - GIXtools
Securelist (a year ago): Financial cyberthreats in 2022
CSO Online (a year ago): Attacks on industrial infrastructure on the rise, defenses struggle to keep up
CERT-EU (a year ago): Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive
CSO Online (a year ago): APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
CERT-EU (a year ago): North Korean hackers unmasked after an operational error | UnderNews
CERT-EU (a year ago): Andariel's silly mistakes and a new malware family - Cyber Security Review