diff --git a/clusters/rat.json b/clusters/rat.json
index 5ae1e48..1cfebba 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -2547,6 +2547,16 @@
 "https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/"
 ]
 },
+ "related": [
+ {
+ "dest-uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ }
+],
+
 "uuid": "cb23f563-a8b9-4427-9884-594e8d3cc836",
 "value": "Cardinal"
 },
@@ -3321,5 +3331,5 @@
 "value": "H-worm"
 }
 ],
- "version": 25
+ "version": 26
 }
diff --git a/clusters/tool.json b/clusters/tool.json
index 53bd992..99233f0 100644
--- a/clusters/tool.json
+++ b/clusters/tool.json
@@ -4991,6 +4991,16 @@
 "type": "similar"
 }
 ],
+ "related": [
+ {
+ "dest-uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ }
+],
+
 "uuid": "1d9fbf33-faea-40c1-b543-c7b39561f0ff",
 "value": "Cardinal RAT"
 },
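Review bot: In the first rat.json hunk the added `related` array is closed by `],` with no indentation, and an empty added line follows it before `"uuid"`; the first tool.json hunk repeats the same pattern. The page has lost the original indentation, so this is inferred from the bare `+],` marker next to the other `+ ]` lines. The closing bracket should sit at the depth of the `"related"` key and the empty line should be dropped, so the entry matches the layout of its neighbours and later normalisation does not produce a noise-only diff. The Cardinal entry starts and ends outside the hunk.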
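Review bot: The first tool.json hunk appears to give the Cardinal RAT object a second `"related"` key. Its leading context (`"type": "similar"`, `}`, `],`) looks like the tail of an existing `related` array whose opening lies outside the hunk, and the new `"related": [` is added directly after it. With duplicate names most parsers keep only the last value, so the existing relationship would be dropped silently, and consumers that keep the first would never see the new EVILNUM link. Instead of opening a new key, append the new object to the existing array: end the previous element with `},`, add the `{ "dest-uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4", ... }` element, and keep the single closing `],`. A duplicate-key check in the validation step would catch this class of merge error.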
@@ -7584,7 +7594,43 @@
 ],
 "uuid": "bb6492fa-36b5-4f4a-a787-e718e7f9997f",
 "value": "SLUB Backdoor"
+ },
+ {
+ "description": "In 2017, Unit 42 reported on and analyzed a low-volume malware family called Cardinal RAT. This malware family had remained undetected for over two years and was delivered via a unique downloader named Carp Downloader.",
+ "meta": {
+ "refs": [
+ "https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/"
+ ]
+ },
+ "uuid": "8fb35101-dad6-4628-84ab-905afacb986b",
+ "value": "Carp Downloader"
+ },
+ {
+ "description": "EVILNUM is a JavaScript-based malware family that is used in attacks against similar organizations.",
+ "meta": {
+ "refs": [
+ "https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/"
+ ]
+ },
+ "related": [
+ {
+ "dest-uuid": "cb23f563-a8b9-4427-9884-594e8d3cc836",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ },
+ {
+ "dest-uuid": "1d9fbf33-faea-40c1-b543-c7b39561f0ff",
+ "tags": [
+ "estimative-language:likelihood-probability=\"likely\""
+ ],
+ "type": "similar"
+ }
+ ],
+ "uuid": "e1ca79eb-5629-4267-bb37-3992c7126ef4",
+ "value": "EVILNUM"
 }
 ],
- "version": 114
+ "version": 115
 }
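Review bot: The new Carp Downloader entry has no `related` block, although its own description says the downloader delivered Cardinal RAT. That leaves the one relationship the text asserts missing from the graph analysts pivot on, so a link to `1d9fbf33-faea-40c1-b543-c7b39561f0ff` with a relationship type suited to a downloader would close the gap. Both descriptions also read as sentences lifted from the referenced report rather than as descriptions of the entry. The Carp Downloader text mostly describes Cardinal RAT, and the EVILNUM text says "similar organizations" without saying similar to what. A self-contained wording such as `"Carp Downloader is the downloader used to deliver Cardinal RAT."` would be clearer, with the EVILNUM text naming the sector it means. The EVILNUM links are typed `similar`, while the description only supports overlapping targeting, so that type is worth confirming against the source report.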