add Sepulcher RAT

clusters/rat.json

@@ -3452,6 +3452,19 @@
       },
       "uuid": "9d36db93-7d60-4da6-a611-1a32e02a054f",
       "value": "SDBbot"
+    },
+    {
+      "description": "A China-based APT has been sending organizations spear-phishing emails that distribute a never-before-seen intelligence-collecting RAT dubbed Sepulcher.\n\nResearchers discovered the new malware being distributed over the past six months through two separate campaigns. The first, in March, targeted European diplomatic and legislative bodies, non-profit policy research organizations and global organizations dealing with economic affairs. The second, in July, targeted Tibetan dissidents. They tied the campaigns to APT group TA413, which researchers say has been associated with Chinese state interests and is known for targeting the Tibetan community.\n\n“Based on the use of publicly known sender addresses associated with Tibetan dissident targeting and the delivery of Sepulcher malware payloads, [we] have attributed both campaigns to the APT actor TA413,” said Proofpoint researchers in a Wednesday analysis. “The usage of publicly known Tibetan-themed sender accounts to deliver Sepulcher malware demonstrates a short-term realignment of TA413’s targets of interest.”",
+      "meta": {
+        "refs": [
+          "https://www.enigmasoftware.fr/logicielmalveillantsepulcher-supprimer/",
+          "https://threatpost.com/chinese-apt-sepulcher-malware-phishing-attacks/158871/",
+          "https://malpedia.caad.fkie.fraunhofer.de/details/win.sepulcher",
+          "https://cyware.com/news/chinese-apt-ta413-found-distributing-sepulcher-malware-176a0969"
+        ]
+      },
+      "uuid": "d0ed7527-cd1b-4b05-bbac-2e409ca46104",
+      "value": "Sepulcher"
     }
   ],
   "version": 34