S0445Windows

S0445ShimRatReporter

Platforms
1
ATT&CK
14.1
References
2

Description

[ShimRatReporter](https://attack.mitre.org/software/S0445) is a tool used by suspected Chinese adversary [Mofang](https://attack.mitre.org/groups/G0103) to automatically conduct initial discovery. The details from this discovery are used to customize follow-on payloads (such as [ShimRat](https://attack.mitre.org/software/S0444)) as well as set up faux infrastructure which mimics the adversary's targets. [ShimRatReporter](https://attack.mitre.org/software/S0445) has been used in campaigns targeting multiple countries and sectors including government, military, critical infrastructure, automobile, and weapons development.(Citation: FOX-IT May 2016 Mofang)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupMofangg010395%live

References

  1. https://attack.mitre.org/software/S0445
  2. https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
ShimRat
Software
4H RAT
Software
GovRAT
Software
Imminent Monitor
Software
RDAT
Software
ShadowPad
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.