MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #126 from Delta-Sierra/master 

add UBoatRAT
pull/127/head
Alexandre Dulaunoy 2017-11-29 15:18:08 +01:00 committed by GitHub
parent b4889f7252 695d580d3c
commit 3594dcea1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
clusters/rat.json
View File

@ -2151,6 +2151,15 @@
"https://www.us-cert.gov/ncas/alerts/TA17-318A"
]
}
},
{
"description": "Alto Networks Unit 42 has identified attacks with a new custom Remote Access Trojan (RAT) called UBoatRAT. The initial version of the RAT, found in May of 2017, was simple HTTP backdoor that uses a public blog service in Hong Kong and a compromised web server in Japan for command and control. The developer soon added various new features to the code and released an updated version in June. The attacks with the latest variants we found in September have following characteristics.\nTargets personnel or organizations related to South Korea or video games industry\nDistributes malware through Google Drive\nObtains C2 address from GitHub\nUses Microsoft Windows Background Intelligent Transfer Service(BITS) to maintain persistence.",
"value": "UBoatRAT",
"meta": {
"refs": [
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/"
]
}
}
]
}