Malware: DRATzarus

Description

[DRATzarus](https://attack.mitre.org/software/S0694) is a remote access tool (RAT) that has been used by [Lazarus Group](https://attack.mitre.org/groups/G0032) to target the defense and aerospace organizations globally since at least summer 2020. [DRATzarus](https://attack.mitre.org/software/S0694) shares similarities with [Bankshot](https://attack.mitre.org/software/S0239), which was used by [Lazarus Group](https://attack.mitre.org/groups/G0032) in 2017 to target the Turkish financial sector.(Citation: ClearSky Lazarus Aug 2020)

External References

• mitre-attack
• ClearSky Lazarus Aug 2020

Techniques Used by This Malware

• T1005 — Data from Local System
• T1018 — Remote System Discovery
• T1027 — Obfuscated Files or Information
• T1027.002 — Software Packing
• T1033 — System Owner/User Discovery
• T1036.005 — Match Legitimate Resource Name or Location
• T1057 — Process Discovery
• T1071.001 — Web Protocols
• T1105 — Ingress Tool Transfer
• T1106 — Native API
• T1124 — System Time Discovery
• T1497.003 — Time Based Evasion
• T1622 — Debugger Evasion