Stormsec

Comprehensive Threat Intelligence: MagicRAT: Lazarus’

Cisco Talos has discovered a new remote access trojan (RAT), which we are calling "MagicRAT," that we are attributing with moderate to high confidence to the Lazarus threat actor, a state-sponsored APT attributed to North Korea by the U.S. Cyber Security & Infrastructure Agency (CISA). This new RAT was found on victims that had been initially compromised through the exploitation of publicly exposed VMware Horizon platforms.




ADVERSARY: Lazarus


MALWARE FAMILIES: MagicRAT, TigerRAT


ATT&CK IDS: T1566 - Phishing, T1027 - Obfuscated Files or Information, T1025 - Data from Removable Media, T1125 - Video Capture, T1059 - Command and Scripting Interpreter, T1046 - Network Service Scanning, T1105 - Ingress Tool Transfer, T1036 - Masquerading, T1070 - Indicator Removal on Host, T1102 - Web Service, T1053 - Scheduled Task/Job, T1547 - Boot or Logon Autostart Execution

