Merge pull request #674 from jloehel/ragnatela

Adds Ragnatela RAT
2022-01-11 10:11:25 +01:00 · 2022-01-11 10:11:25 +01:00 · 58fc75bda0
parent b9d54b8ad9 5aa8a8a8b1
commit 58fc75bda0
1 changed files with 20 additions and 1 deletions
--- a/clusters/rat.json
+++ b/clusters/rat.json
@ -3497,7 +3497,26 @@
      },
      "uuid": "35198ca6-6f8d-49cd-be1b-65f21b2e7e00",
      "value": "DarkWatchman"
+    },
+    {
+      "description": "Malwarebytes Lab identified a new variant of the BADNEWS RAT called Ragnatela. It is being distributed via spear phishing emails to targets of interest in Pakistan. Ragnatela, which means spider web in Italian, is also the project name and panel used by Patchwork APT. Ironically, the threat actor infected themselves with their own RAT.",
+      "meta": {
+        "refs": [
+          "https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/"
+        ]
+      },
+      "related": [
+        {
+          "dest-uuid": "e9595678-d269-469e-ae6b-75e49259de63",
+          "tags": [
+            "estimative-language:likelihood-probability=\"likely\""
+          ],
+          "type": "similar"
+        }
+      ],
+      "uuid": "e79cb167-6639-46a3-9646-b12535aa21b6",
+      "value": "Ragnatela"
    }
  ],
-  "version": 37
+  "version": 38
 }