[x] Block NineRAT Malware written in DLang by Lazarus group.
Description
Operation Blacksmith involved the exploitation of CVE-2021-44228, also known as Log4Shell, and the use of a previously unknown DLang-based RAT utilizing Telegram as its C2 channel. We’re naming this malware family “NineRAT.” NineRAT was initially built around May 2022 and was first used in this campaign as early as March 2023, almost a year later, against a South American agricultural organization. We then saw NineRAT being used again around September 2023 against a European manufacturing entity.
Enhancement idea
NineRAT
Malware written in DLang by Lazarus group.Description
Operation Blacksmith involved the exploitation of
CVE-2021-44228
, also known asLog4Shell
, and the use of a previously unknown DLang-based RAT utilizing Telegram as its C2 channel. We’re naming this malware family “NineRAT.” NineRAT was initially built around May 2022 and was first used in this campaign as early as March 2023, almost a year later, against a South American agricultural organization. We then saw NineRAT being used again around September 2023 against a European manufacturing entity.Links
https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URL's
n/a
Folders
n/a
Sub-Domains
n/a
Domains
IP's
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a