Dtrack

Malware updated 15 days ago (2024-10-03T03:01:23.057Z)
DTrack is a backdoor that has been attributed to the Andariel group, a subset of the Lazarus group, which is known for using DTrack together with the Maui ransomware. As reported by securelist.com, Andariel deployed both of these tools in mid-2022. The group also engages in cybercrime to fund its operations, deploying custom-built tools such as the DTrack malware and Maui ransomware against organizations worldwide. DTrack appeared against a backdrop of rising malware activity more generally: new banking Trojans emerged that sought banking credentials, and activity increased from well-known families including DTrack, Zbot, and Qbot. In one reported intrusion, the first piece of malware downloaded was not caught, but the subsequent exploitation was closely followed by the download of the DTrack backdoor. The same period saw the introduction of several new malware families, such as YamaBot and MagicRat, as well as updated versions of NukeSped and DTrack. More recently, the group was observed using another new malware family, EarlyRat, in conjunction with DTrack and Maui ransomware, exploiting the Log4j flaw for initial access. In several of the attacks, Stonefly's custom malware Backdoor.Preft (also known as Dtrack and Valefor) was deployed, according to Symantec's blog post. The expansion of DTrack's targeting towards Europe and Latin America further illustrates the persistent threat posed by advanced persistent threats (APTs) that use API hashing.
Description last updated: 2024-10-03T02:16:21.374Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.

Alias: Stonefly (2 votes)
Stonefly is a possible alias for Dtrack. Stonefly, also known as Andariel, Silent Chollima, Onyx Sleet, and APT45, is a threat actor group that has been active since at least 2015 and is believed to be linked to the North Korean government. The group has been involved in various attacks, including ransomware campaigns against Healthcare an
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
Exploit
Log4j
Ransomware
Trojan
Apt
Analyst Notes & Discussion
Associated Threat Actors
Threat Actor: The Lazarus Group (association type: Unspecified; 3 votes)
The Lazarus Group Threat Actor is associated with Dtrack. The Lazarus Group, a notorious threat actor attributed to North Korea, has been implicated in a series of high-profile cyberattacks and illicit activities. The group is known for its sophisticated operations, including Operation DreamJob, which targeted Spain with a high level of confidence. Over th
Source Document References
Information about the Dtrack Malware was read from the documents corpus below. This display is limited to 20 results.

Source (created):
DARKReading (15 days ago)
InfoSecurity-magazine (2 months ago)
CERT-EU (10 months ago)
BankInfoSecurity (10 months ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
Securityaffairs (a year ago)
BankInfoSecurity (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
CERT-EU (a year ago)
MITRE (2 years ago)
MITRE (2 years ago)
CSO Online (2 years ago)
InfoSecurity-magazine (2 years ago)