3102 RAT

Description

(Palo Alto) On May 6 and May 11, 2015, Unit 42 observed two targeted attacks, the first against the U.S. government and the second on a European media company. Threat actors delivered the same document via spear-phishing emails to both organizations. The actors weaponized the delivery document to install a variant of the ‘9002 RAT’ Trojan called ‘3102’ that heavily relies on plugins to provide functionality needed by the actors to carry out their objectives.

The 3102 payload used in this attack also appears to be related to the EvilGrab RAT payload delivered in the watering hole attack hosted on the President of Myanmar’s website in May 2015. Additionally, we uncovered ties between the C2 infrastructure and individuals in China active in online hacking forums that claim to work in Trojan development.

Names

Name
3102 RAT

Category

Malware

Type

  • Backdoor
  • Info stealer

Information

Other Information

Uuid

fae56cde-ba06-490d-be43-2b637ac32ac0

Last Card Change

2020-04-20