LIGHTDART

Description

LIGHTDART is a tool used to access a pre-configured web page that hosts an interface to query a database or data set. The tool then downloads the results of a query against that web page to an encrypted RAR file. This RAR file (1.rar) is renamed and uploaded to an attacker controlled FTP server, or uploaded via an HTTP POST with a .jpg extension. The malware will execute this search once a day. The target webpage usually contains information useful to the attacker, which is updated on a regular basis. Examples of targeted information include weather information or ship coordinates.

Names

Name
LIGHTDART

Category

Malware

Type

  • Downloader

Information

Other Information

Uuid

e9767a75-c5bf-4193-a6b0-1d7dcdec01d1

Last Card Change

2020-04-20