Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. During the same period, Andariel also actively exploited the Log4j vulnerability as reported by Talos and Ahnlab. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.
While on an unrelated investigation recently, Kaspersky researchers stumbled upon this campaign and decided to dig a little deeper. They discovered a previously undocumented malware family and an addition to Andariel’s set of TTPs.