
Threat Advisory: Lazarus Backdoor DTrack Evolves to Target Europe and Latin America

Summary

The backdoor DTrack, widely used by the North Korean Lazarus group over the last three years, is still being deployed to target organizations in Europe, the US and Latin America. According to Kaspersky, DTrack has been used in financial environments to breach ATMs in ransomware attacks and in campaigns against a nuclear power plant in India.

DTrack allows criminals to upload, download, start or delete files on the victim host. The DTrack toolset also includes a keylogger, a screenshot maker and a module for gathering victim system information.

The DTrack backdoor continues to be used actively by the Lazarus group. Modifications in the way the malware is packed are an indication of how valuable this tool is to the Lazarus group.

IOCs

C2 domains

  • pinkgoat[.]com
  • purewatertokyo[.]com
  • purplebear[.]com
  • salmonrabbit[.]com

MD5

  • 1A74C8D8B74CA2411C1D3D22373A6769
  • 67F4DAD1A94ED8A47283C2C0C05A7594

SOD Actions

As part of our proactive actions, Security On-Demand is monitoring all of our customers' infrastructure through our platforms, using the indicators of compromise available for this tool. SOD is also constantly monitoring the web for any new IoC that might become available.
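As an added illustration (not code from Security On-Demand or from the advisory), the script below normalizes the defanged IoCs published above and matches them against resolver log lines and file hashes. The log format and every log line, client IP and timestamp are constructed for the example; the label-aware domain check avoids false positives such as a look-alike domain that merely contains an IoC as a substring.

```python
import re

# IoCs as published in the advisory (defanged with [.])
C2_DOMAINS_DEFANGED = ["pinkgoat[.]com", "purewatertokyo[.]com",
                       "purplebear[.]com", "salmonrabbit[.]com"]
MD5_IOCS = ["1A74C8D8B74CA2411C1D3D22373A6769", "67F4DAD1A94ED8A47283C2C0C05A7594"]

def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a matchable form ('[.]' -> '.')."""
    return indicator.replace("[.]", ".").strip().lower()

C2_DOMAINS = {refang(d) for d in C2_DOMAINS_DEFANGED}
MD5_SET = {h.lower() for h in MD5_IOCS}

def domain_matches(hostname: str, iocs=C2_DOMAINS) -> bool:
    """True if hostname equals an IoC domain or is a subdomain of one.
    Label-aware matching avoids substring false positives ('notpurplebear.com')."""
    host = hostname.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in iocs)

# Constructed resolver log format (assumption): "<timestamp> <client_ip> query <qname> <qtype>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")

def scan_dns_log(lines):
    """Return (timestamp, client_ip, qname) for every query to a C2 domain."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and domain_matches(m.group(3)):
            hits.append((m.group(1), m.group(2), m.group(3).rstrip(".").lower()))
    return hits

def hash_matches(md5_hex: str) -> bool:
    """Case-insensitive comparison of a file's MD5 against the published hashes."""
    return md5_hex.strip().lower() in MD5_SET

SAMPLE_LOG = [  # constructed sample lines, not real telemetry
    "2022-11-15T09:12:01Z 10.0.4.21 query cdn.purplebear.com. A",
    "2022-11-15T09:12:05Z 10.0.4.22 query notpurplebear.com A",
    "2022-11-15T09:13:44Z 10.0.4.23 query SalmonRabbit.com AAAA",
    "2022-11-15T09:14:10Z 10.0.4.24 query example.org A",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print("C2 lookup:", hit)
    print(hash_matches("1a74c8d8b74ca2411c1d3d22373a6769"))
```

Running it reports the two constructed queries that resolve an IoC domain (including the subdomain and the mixed-case lookup) and ignores the look-alike domain.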

Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.
