diff --git a/clusters/rat.json b/clusters/rat.json index b04706c..5e30a3a 100644 --- a/clusters/rat.json +++ b/clusters/rat.json @@ -2151,6 +2151,15 @@ "https://www.us-cert.gov/ncas/alerts/TA17-318A" ] } + }, + { + "description": "Alto Networks Unit 42 has identified attacks with a new custom Remote Access Trojan (RAT) called UBoatRAT. The initial version of the RAT, found in May of 2017, was simple HTTP backdoor that uses a public blog service in Hong Kong and a compromised web server in Japan for command and control. The developer soon added various new features to the code and released an updated version in June. The attacks with the latest variants we found in September have following characteristics.\nTargets personnel or organizations related to South Korea or video games industry\nDistributes malware through Google Drive\nObtains C2 address from GitHub\nUses Microsoft Windows Background Intelligent Transfer Service(BITS) to maintain persistence.", + "value": "UBoatRAT", + "meta": { + "refs": [ + "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/" + ] + } } ] }