diff --git a/clusters/rat.json b/clusters/rat.json
index 39933089..88c8535d 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -2421,6 +2421,17 @@
 "https://github.com/xlinshan/Coldroot"
 ]
 }
+ },
+ {
+ "value": "Comnie",
+ "description": "Comnie is a RAT originally identified by Sophos. It has been using Github, Tumbler and Blogspot as covert channels for its C2 communications. Comnie has been observed targetting government, defense, aerospace, high-tech and telecommunication sectors in Asia.",
+ "uuid": "fbc5bbb2-38b4-4fa3-9b9f-624e05cdc648",
+ "meta": {
+ "refs": [
+ "https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c",
+ "https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/"
+ ]
+ }
 }
 ]
 }
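Review bot: The added `description` for "Comnie" names the C2 channel as `Tumbler`, which is presumably the blogging service `Tumblr`; please check it against the two cited references before merging. Analysts search these descriptions by service name when triaging suspicious traffic to legitimate platforms, so a misspelled platform name makes the entry harder to find. On the same line, `targetting` should be `targeting` and `Github` is normally written `GitHub`. The entry has only `refs` under `meta`; if the source reports list other names for this family, recording them there would help correlation, but the diff does not show whether any exist.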