Dacls

Dacls is a multi-platform remote access tool used by Lazarus Group since at least December 2019.[1][2]

ID: S0497
Type: MALWARE
Platforms: macOS, Linux, Windows
Version: 1.1
Created: 07 August 2020
Last Modified: 11 April 2024

Techniques Used

Domain | ID | Name | Use

Enterprise | T1071.001 | Application Layer Protocol: Web Protocols

Dacls can use HTTPS in C2 communications.[2][1]

Enterprise | T1543.001 | Create or Modify System Process: Launch Agent

Dacls can establish persistence via a LaunchAgent.[2][1]

Enterprise | T1543.004 | Create or Modify System Process: Launch Daemon

Dacls can establish persistence via a Launch Daemon.[2][1]

Enterprise | T1083 | File and Directory Discovery

Dacls can scan directories on a compromised host.[1]

Enterprise | T1564.001 | Hide Artifacts: Hidden Files and Directories

Dacls has had its payload named with a dot prefix to make it hidden from view in the Finder application.[2][1]

Enterprise | T1105 | Ingress Tool Transfer

Dacls can download its payload from a C2 server.[2][1]

Enterprise | T1036 | Masquerading

The Dacls Mach-O binary has been disguised as a .nib file.[2]
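The three macOS techniques above (launchd persistence, a dot-prefixed payload name, and a Mach-O binary carrying a .nib extension) can be hunted together by walking the LaunchAgents/LaunchDaemons directories and checking what each plist actually executes. The script below is an added example written for this page, not Dacls code and not part of the ATT&CK entry. The plist label `com.example.agent`, the file name `.payload.nib` and the fixture directory are constructed for the demonstration and are not Dacls artifacts; the Mach-O and fat-binary magic values are the public ones from the Mach-O header format.

```python
"""Hunt launchd plists whose program path is hidden or is a Mach-O masquerading
as a resource file. Added example for this page; not Dacls code, not from MITRE.
Sample plist and payload bytes below are constructed inline."""
import os
import plistlib
import tempfile

# Mach-O header magic: 32/64-bit thin images in both byte orders, plus fat binaries.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC and byte-swapped
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 and byte-swapped
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC and byte-swapped
}

# Extensions a launchd job should never execute directly; .nib is the one the page names.
NON_EXEC_EXTENSIONS = {".nib", ".plist", ".png", ".txt", ".strings"}

# Directories launchd loads jobs from (system-wide and the current user's agents).
LAUNCHD_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    os.path.expanduser("~/Library/LaunchAgents"),
]


def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False


def program_path(plist):
    """Executable a launchd job runs: 'Program', else ProgramArguments[0]."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else None


def hidden_component(path):
    """True if any path component is dot-prefixed (hidden in Finder and plain ls)."""
    return any(p.startswith(".") and p not in (".", "..") for p in path.split(os.sep))


def check_plist(plist_path):
    """Return a list of (finding, target) tuples for one launchd plist."""
    findings = []
    with open(plist_path, "rb") as f:
        plist = plistlib.load(f)  # handles both XML and binary plists
    target = program_path(plist)
    if target is None:
        return findings
    if hidden_component(target):
        findings.append(("hidden_path", target))
    ext = os.path.splitext(target)[1].lower()
    if ext in NON_EXEC_EXTENSIONS and is_macho(target):
        findings.append(("macho_disguised_as_" + ext.lstrip("."), target))
    return findings


def scan_dirs(dirs):
    """Map plist path -> findings for every readable plist in the given directories."""
    results = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            if not name.endswith(".plist"):
                continue
            p = os.path.join(d, name)
            try:
                found = check_plist(p)
            except (OSError, plistlib.InvalidFileException, ValueError):
                continue  # unreadable or malformed plist; skip rather than abort the hunt
            if found:
                results[p] = found
    return results


def build_fixture():
    """Constructed sample (not a real artifact): a fat-magic file named .payload.nib
    and a LaunchAgent plist that runs it. Returns (agent_dir, plist_path, payload)."""
    root = tempfile.mkdtemp()
    payload = os.path.join(root, ".payload.nib")
    with open(payload, "wb") as f:
        f.write(b"\xca\xfe\xba\xbe" + b"\x00" * 12)
    agent_dir = os.path.join(root, "LaunchAgents")
    os.mkdir(agent_dir)
    plist_path = os.path.join(agent_dir, "com.example.agent.plist")
    with open(plist_path, "wb") as f:
        plistlib.dump({"Label": "com.example.agent", "ProgramArguments": [payload],
                       "RunAtLoad": True}, f)
    return agent_dir, plist_path, payload


if __name__ == "__main__":
    # On the constructed fixture this reports hidden_path and macho_disguised_as_nib.
    agent_dir, _, _ = build_fixture()
    for plist_file, found in scan_dirs([agent_dir] + LAUNCHD_DIRS).items():
        print(plist_file, found)
```

Run it as-is to see the two findings on the constructed fixture; on a real host it also walks the standard launchd directories. The extension check is a heuristic: a legitimate job can run a helper with an unusual name, so treat a hit as a lead to verify against code signature and provenance, not as a verdict.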

Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File

Dacls can encrypt its configuration file with AES-CBC.[1]

Enterprise | T1057 | Process Discovery

Dacls can collect data on running and parent processes.[1]

Groups That Use This Software

ID | Name | References

G0032 | Lazarus Group | [2][1]

References
