mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
add COATHANGER RAT
This commit is contained in:
parent
8643f5f555
commit
6222443b24
1 changed files with 12 additions and 1 deletions
|
@ -3634,7 +3634,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "b30cb6f4-1e0a-4a97-8d88-ca38f83b4422",
|
"uuid": "b30cb6f4-1e0a-4a97-8d88-ca38f83b4422",
|
||||||
"value": "STRRAT"
|
"value": "STRRAT"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Chinese FortiGate RAT. The COATHANGER malware is a remote access trojan (RAT) designed specifically for Fortigate appliances. It is used as second-stage malware, and does not exploit a new vulnerability. Intelligence services MIVD & AIVD refer to the malware as COATHANGER based on a string present in the code./nThe COATHANGER malware is stealthy and persistent. It hides itself by hooking system calls that could reveal its presence. It survives reboots and firmware upgrades./nMIVD & AIVD assess with high confidence that the malicious activity was conducted by a state-sponsored actor from the People’s Republic of China. This is part of a wider trend of Chinese political espionage against the Netherlands and its allies./nMIVD & AIVD assess that use of COATHANGER may be relatively targeted. The Chinese threat actor(s) scan for vulnerable edge devices at scale and gain access opportunistically, and likely introduce COATHANGER as a communication channel for select victims.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://github.com/JSCU-NL/COATHANGER",
|
||||||
|
"https://www.ncsc.nl/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "c04e9738-de62-43e4-b645-2e308c1f77f7",
|
||||||
|
"value": "COATHANGER"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 44
|
"version": 45
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue