mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
add UBoatRAT
This commit is contained in:
parent
a46903b8dd
commit
695d580d3c
1 changed files with 9 additions and 0 deletions
|
@ -2151,6 +2151,15 @@
|
|||
"https://www.us-cert.gov/ncas/alerts/TA17-318A"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"description": "Alto Networks Unit 42 has identified attacks with a new custom Remote Access Trojan (RAT) called UBoatRAT. The initial version of the RAT, found in May of 2017, was simple HTTP backdoor that uses a public blog service in Hong Kong and a compromised web server in Japan for command and control. The developer soon added various new features to the code and released an updated version in June. The attacks with the latest variants we found in September have following characteristics.\nTargets personnel or organizations related to South Korea or video games industry\nDistributes malware through Google Drive\nObtains C2 address from GitHub\nUses Microsoft Windows Background Intelligent Transfer Service(BITS) to maintain persistence.",
|
||||
"value": "UBoatRAT",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/"
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue