 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Dacls RAT| Names | Dacls RAT Dacls | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Qihoo 360) Dacls is a new type of remote-control software targeting both Windows and Linux environment. Its functions are modular, the C2 protocol uses TLS and RC4 double-layer encryption, the configuration file uses AES encryption and supports C2 instruction dynamic update. The Win32.Dacls plug-in module is dynamically loaded through a remote URL, and the Linux version of the plug-in is compiled directly in the Bot program. | |
| Information | <https://blog.netlab.360.com/dacls-the-dual-platform-rat-en/> <https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/elf.dacls> <https://malpedia.caad.fkie.fraunhofer.de/details/win.dacls> <https://malpedia.caad.fkie.fraunhofer.de/details/osx.dacls> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:Dacls> | |
Last change to this tool card: 29 December 2022
Download this tool card in JSON format
Previous: Cyst Downloader
Next: DADJOKE
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | Lazarus Group, Hidden Cobra, Labyrinth Chollima |  | 2007-Feb 2024  |  | |
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |