CARROTBALL

Description

(Palo Alto) CARROTBALL, initially discovered in an attack during October 2019, is a simple FTP downloader utility which facilitates the installation of Syscon, a full-featured Remote Access Trojan (RAT) which leverages FTP for Command and Control (C2). It was found embedded in a malicious Word document sent as a phishing lure to a US government agency and two non-US foreign nationals professionally associated with North Korea.

Names

Name
CARROTBALL

Type

Dropper

Information

https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/

Mitre Attack

https://attack.mitre.org/software/S0465/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.carrotball

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:carrotball

Other Information

Uuid

9ab63043-dd17-4e16-97af-d79d55b5c5da

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

CARROTBALL

CARROTBALL

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks