UBoatRAT
ID: S0333
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.2
Created: 29 January 2019
Last Modified: 10 April 2024
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1197 | BITS任务 |
UBoatRAT takes advantage of the /SetNotifyCmdLine option in BITSAdmin to ensure it stays running on a system to maintain persistence.[1] |
|
| Enterprise | T1573 | .001 | 加密通道: Symmetric Cryptography |
UBoatRAT encrypts instructions in its C2 network payloads using a simple XOR cipher.[1] |
| Enterprise | T1059 | .003 | 命令与脚本解释器: Windows Command Shell | |
| Enterprise | T1071 | .001 | 应用层协议: Web Protocols | |
| Enterprise | T1102 | .002 | 网络服务: Bidirectional Communication |
UBoatRAT has used GitHub and a public blog service in Hong Kong for C2 communications.[1] |
| Enterprise | T1497 | .001 | 虚拟化/沙盒规避: System Checks |
UBoatRAT checks for virtualization software such as VMWare, VirtualBox, or QEmu on the compromised machine.[1] |
| Enterprise | T1105 | 输入工具传输 |
UBoatRAT can upload and download files to the victim’s machine.[1] |
|
| Enterprise | T1057 | 进程发现 | ||