MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Adds Ragnatela RAT 

Signed-off-by: Jürgen Löhel <juergen.loehel@inlyse.com>
pull/674/head
Jürgen Löhel 2022-01-10 15:57:10 -06:00
parent b9d54b8ad9
commit 5aa8a8a8b1
No known key found for this signature in database
GPG Key ID: 54E44C4D345DD098
1 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
clusters/rat.json
View File

@ -3497,7 +3497,26 @@
}, },
"uuid": "35198ca6-6f8d-49cd-be1b-65f21b2e7e00", "uuid": "35198ca6-6f8d-49cd-be1b-65f21b2e7e00",
"value": "DarkWatchman" "value": "DarkWatchman"
},
{
"description": "Malwarebytes Lab identified a new variant of the BADNEWS RAT called Ragnatela. It is being distributed via spear phishing emails to targets of interest in Pakistan. Ragnatela, which means spider web in Italian, is also the project name and panel used by Patchwork APT. Ironically, the threat actor infected themselves with their own RAT.",
"meta": {
"refs": [
"https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/"
]
},
"related": [
{
"dest-uuid": "e9595678-d269-469e-ae6b-75e49259de63",
"tags": [
"estimative-language:likelihood-probability=\"likely\""
],
"type": "similar"
} }
], ],
"version": 37 "uuid": "e79cb167-6639-46a3-9646-b12535aa21b6",
"value": "Ragnatela"
}
],
"version": 38
} }