Dacls
Dacls is a multi-platform remote access tool used by Lazarus Group since at least December 2019.[1][2]
ID: S0497
Type: MALWARE
Platforms: macOS, Linux, Windows
Version: 1.0
Created: 07 August 2020
Last Modified: 02 September 2020
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | |
Enterprise | T1543.004 | Create or Modify System Process: Launch Daemon | |
Enterprise | T1543.001 | Create or Modify System Process: Launch Agent | |
Enterprise | T1083 | File and Directory Discovery | |
Enterprise | T1564.001 | Hide Artifacts: Hidden Files and Directories | Dacls has had its payload named with a dot prefix to make it hidden from view in the Finder application.[2][1] |
Enterprise | T1105 | Ingress Tool Transfer | |
Enterprise | T1036 | Masquerading | The Dacls Mach-O binary has been disguised as a .nib file.[2] |
Enterprise | T1027 | Obfuscated Files or Information | |
Enterprise | T1057 | Process Discovery | |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0032 | Lazarus Group | |
References