SYMBOLCOMMON_NAMEaka. SYNONYMS
osx.poolrat (Back to overview)

POOLRAT

aka: SIMPLESEA, SIMPLETEA

Actor(s): Lazarus Group


There is no description at this point.

References
2023-10-04Virus BulletinPeter Kálnai
Lazarus Campaigns and Backdoors in 2022-23
SimpleTea POOLRAT 3CX Backdoor BLINDINGCAN CLOUDBURST DRATzarus ForestTiger ImprudentCook LambLoad LightlessCan miniBlindingCan PostNapTea SnatchCrypto wAgentTea WebbyTea WinInetLoader
2023-04-20MandiantADRIAN SANCHEZ, DANIEL SCOTT, Dimiter Andonov, Fred Plan, Jake Nicastro, JEFF JOHNSON, Marius Fodoreanu, RENATO FONTANA
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
POOLRAT IconicStealer UNC4736
2023-04-203CXAgathocles Prodromou
Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found
POOLRAT
2023-04-20ESET ResearchMarc-Etienne M.Léveillé, Peter Kálnai
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
BADCALL SimpleTea POOLRAT 3CX Backdoor BADCALL IconicStealer
2021-02-18SymantecThreat Hunter Team
Lazarus: Three North Koreans Charged for Financially Motivated Attacks
AppleJeus POOLRAT Unidentified macOS 001 (UnionCryptoTrader) AppleJeus Unidentified 077 (Lazarus Downloader)
2021-02-17US-CERTCISA
Malware Analysis Report (AR21-048E): AppleJeus: CoinGoTrade
AppleJeus POOLRAT AppleJeus

There is no Yara-Signature yet.