From d48216031a2c5a9d1c8182264ad1f20b52b3875b Mon Sep 17 00:00:00 2001
From: Deborah Servili
Date: Tue, 22 Sep 2020 16:23:39 +0200
Subject: [PATCH] add Sepulcher RAT
---
 clusters/rat.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/clusters/rat.json b/clusters/rat.json
index 9c8f5b3..3bc63b8 100644
--- a/clusters/rat.json
+++ b/clusters/rat.json
@@ -3452,6 +3452,19 @@
 },
 "uuid": "9d36db93-7d60-4da6-a611-1a32e02a054f",
 "value": "SDBbot"
+ },
+ {
+ "description": "A China-based APT has been sending organizations spear-phishing emails that distribute a never-before-seen intelligence-collecting RAT dubbed Sepulcher.\n\nResearchers discovered the new malware being distributed over the past six months through two separate campaigns. The first, in March, targeted European diplomatic and legislative bodies, non-profit policy research organizations and global organizations dealing with economic affairs. The second, in July, targeted Tibetan dissidents. They tied the campaigns to APT group TA413, which researchers say has been associated with Chinese state interests and is known for targeting the Tibetan community.\n\n“Based on the use of publicly known sender addresses associated with Tibetan dissident targeting and the delivery of Sepulcher malware payloads, [we] have attributed both campaigns to the APT actor TA413,” said Proofpoint researchers in a Wednesday analysis. “The usage of publicly known Tibetan-themed sender accounts to deliver Sepulcher malware demonstrates a short-term realignment of TA413’s targets of interest.”",
+ "meta": {
+ "refs": [
+ "https://www.enigmasoftware.fr/logicielmalveillantsepulcher-supprimer/",
+ "https://threatpost.com/chinese-apt-sepulcher-malware-phishing-attacks/158871/",
+ "https://malpedia.caad.fkie.fraunhofer.de/details/win.sepulcher",
+ "https://cyware.com/news/chinese-apt-ta413-found-distributing-sepulcher-malware-176a0969"
+ ]
+ },
+ "uuid": "d0ed7527-cd1b-4b05-bbac-2e409ca46104",
+ "value": "Sepulcher"
 }
 ],
 "version": 34
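Review bot: The new `refs` list holds only secondary coverage (Threatpost, Cyware, an Enigmasoftware removal guide) plus the Malpedia entry, while the description itself quotes "Proofpoint researchers in a Wednesday analysis" — the primary Proofpoint report that makes the TA413 attribution is the source a cluster consumer needs and should be the first entry, e.g. `"<PROOFPOINT-SEPULCHER-REPORT-URL>",` ahead of the others, and the removal-guide link adds little evidentiary value for a threat-intel cluster. The `"version": 34` context line at the end of the hunk is left untouched; if this galaxy increments `version` whenever a cluster is added, as MISP galaxy files conventionally do, that line should become `"version": 35`. As a matter of style, the description is a near-verbatim copy of the Threatpost article including the quoted researcher sentences; a cluster description reads better when trimmed to the malware's own characteristics (intelligence-collecting RAT, spear-phishing delivery, attribution to TA413) with the quotations left to the references.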