add Sepulcher RAT

Deborah Servili 2020-09-22 16:23:39 +02:00
parent 4f3b6945c0
commit d48216031a
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1

@ -3452,6 +3452,19 @@
}, },
"uuid": "9d36db93-7d60-4da6-a611-1a32e02a054f", "uuid": "9d36db93-7d60-4da6-a611-1a32e02a054f",
"value": "SDBbot" "value": "SDBbot"
},
{
"description": "A China-based APT has been sending organizations spear-phishing emails that distribute a never-before-seen intelligence-collecting RAT dubbed Sepulcher.\n\nResearchers discovered the new malware being distributed over the past six months through two separate campaigns. The first, in March, targeted European diplomatic and legislative bodies, non-profit policy research organizations and global organizations dealing with economic affairs. The second, in July, targeted Tibetan dissidents. They tied the campaigns to APT group TA413, which researchers say has been associated with Chinese state interests and is known for targeting the Tibetan community.\n\n“Based on the use of publicly known sender addresses associated with Tibetan dissident targeting and the delivery of Sepulcher malware payloads, [we] have attributed both campaigns to the APT actor TA413,” said Proofpoint researchers in a Wednesday analysis. “The usage of publicly known Tibetan-themed sender accounts to deliver Sepulcher malware demonstrates a short-term realignment of TA413s targets of interest.”",
"meta": {
"refs": [
"https://www.enigmasoftware.fr/logicielmalveillantsepulcher-supprimer/",
"https://threatpost.com/chinese-apt-sepulcher-malware-phishing-attacks/158871/",
"https://malpedia.caad.fkie.fraunhofer.de/details/win.sepulcher",
"https://cyware.com/news/chinese-apt-ta413-found-distributing-sepulcher-malware-176a0969"
]
},
"uuid": "d0ed7527-cd1b-4b05-bbac-2e409ca46104",
"value": "Sepulcher"
} }
], ],
"version": 34 "version": 34