Adds Ragnatela RAT

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
pull/674/head
Jürgen Löhel 2022-01-10 15:57:10 -06:00
parent b9d54b8ad9
commit 5aa8a8a8b1
No known key found for this signature in database
GPG Key ID: 54E44C4D345DD098
1 changed files with 20 additions and 1 deletions

View File

@ -3497,7 +3497,26 @@
}, },
"uuid": "35198ca6-6f8d-49cd-be1b-65f21b2e7e00", "uuid": "35198ca6-6f8d-49cd-be1b-65f21b2e7e00",
"value": "DarkWatchman" "value": "DarkWatchman"
},
{
"description": "Malwarebytes Lab identified a new variant of the BADNEWS RAT called Ragnatela. It is being distributed via spear phishing emails to targets of interest in Pakistan. Ragnatela, which means spider web in Italian, is also the project name and panel used by Patchwork APT. Ironically, the threat actor infected themselves with their own RAT.",
"meta": {
"refs": [
"https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/"
]
},
"related": [
{
"dest-uuid": "e9595678-d269-469e-ae6b-75e49259de63",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"version": 37 "uuid": "e79cb167-6639-46a3-9646-b12535aa21b6",
"value": "Ragnatela"
}
],
"version": 38
} }