Merge pull request #126 from Delta-Sierra/master

add UBoatRAT
This commit is contained in:
Alexandre Dulaunoy 2017-11-29 15:18:08 +01:00 committed by GitHub
commit 3594dcea1e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -2151,6 +2151,15 @@
"https://www.us-cert.gov/ncas/alerts/TA17-318A" "https://www.us-cert.gov/ncas/alerts/TA17-318A"
] ]
} }
},
{
"description": "Alto Networks Unit 42 has identified attacks with a new custom Remote Access Trojan (RAT) called UBoatRAT. The initial version of the RAT, found in May of 2017, was simple HTTP backdoor that uses a public blog service in Hong Kong and a compromised web server in Japan for command and control. The developer soon added various new features to the code and released an updated version in June. The attacks with the latest variants we found in September have following characteristics.\nTargets personnel or organizations related to South Korea or video games industry\nDistributes malware through Google Drive\nObtains C2 address from GitHub\nUses Microsoft Windows Background Intelligent Transfer Service(BITS) to maintain persistence.",
"value": "UBoatRAT",
"meta": {
"refs": [
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/"
]
}
} }
] ]
} }