S0444Windows

S0444ShimRat

Platforms
1
ATT&CK
14.1
References
2

Description

[ShimRat](https://attack.mitre.org/software/S0444) has been used by the suspected China-based adversary [Mofang](https://attack.mitre.org/groups/G0103) in campaigns targeting multiple countries and sectors including government, military, critical infrastructure, automobile, and weapons development. The name "[ShimRat](https://attack.mitre.org/software/S0444)" comes from the malware's extensive use of Windows Application Shimming to maintain persistence. (Citation: FOX-IT May 2016 Mofang)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupMofangg010395%live

References

  1. https://attack.mitre.org/software/S0444
  2. https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
ShimRatReporter
Software
4H RAT
Software
ShadowPad
Software
ObliqueRAT
Software
GovRAT
Software
Shamoon
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.