osx.poolrat

POOLRAT

Actor(s): Lazarus Group


There is no description at this point.

References
2023-04-20 | 3CX | Agathocles Prodromou
Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found
@online{prodromou:20230420:security:7224e80, author = {Agathocles Prodromou}, title = {{Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found}}, date = {2023-04-20}, organization = {3CX}, url = {https://www.3cx.com/blog/news/mandiant-security-update2/}, language = {English}, urldate = {2023-04-25} }
POOLRAT
2023-04-20 | Mandiant | JEFF JOHNSON, Fred Plan, ADRIAN SANCHEZ, RENATO FONTANA, Jake Nicastro, Dimiter Andonov, Marius Fodoreanu, DANIEL SCOTT
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
@online{johnson:20230420:3cx:9ef2c90, author = {JEFF JOHNSON and Fred Plan and ADRIAN SANCHEZ and RENATO FONTANA and Jake Nicastro and Dimiter Andonov and Marius Fodoreanu and DANIEL SCOTT}, title = {{3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible}}, date = {2023-04-20}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise}, language = {English}, urldate = {2023-04-25} }
POOLRAT IconicStealer
2021-02-18 | Symantec | Threat Hunter Team
Lazarus: Three North Koreans Charged for Financially Motivated Attacks
@online{team:20210218:lazarus:f98481c, author = {Threat Hunter Team}, title = {{Lazarus: Three North Koreans Charged for Financially Motivated Attacks}}, date = {2021-02-18}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-north-korea-indictment}, language = {English}, urldate = {2023-08-21} }
AppleJeus POOLRAT Unidentified macOS 001 (UnionCryptoTrader) AppleJeus Unidentified 077 (Lazarus Downloader)

There is no Yara-Signature yet.