Skip to content

Hide Navigation Hide TOC

Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128)

Dacls is a multi-platform remote access tool used by Lazarus Group since at least December 2019.(Citation: TrendMicro macOS Dacls May 2020)(Citation: SentinelOne Lazarus macOS July 2020)

Cluster A Galaxy A Cluster B Galaxy B Level
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 1
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware 1
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 1
Dacls - S0497 (3aa169f8-bbf6-44bb-b57d-7f6ada5c2128) Malware Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Launch Daemon - T1543.004 (573ad264-1371-4ae0-8482-d2673b719dba) Attack Pattern 2
Launch Agent - T1543.001 (d10cbd34-42e3-45c0-84d2-535a09849584) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Files and Directories - T1564.001 (ec8fc7e2-b356-455c-8db5-2e37be158e7d) Attack Pattern 2