RDAT

Description

(Palo Alto) The adversaries compiled the RDAT payloads used in the attacks on the Middle Eastern telecommunications organization on March 1, 2020, and configured them to use a domain provided on the command line or the hardcoded domain rsshay[.]com as its C2 server. Unlike previous RDAT samples, this particular sample only uses DNS tunneling for its C2 communications, with no HTTP fallback channel. This RDAT sample can only use TXT queries in its DNS tunnel.

Names

  • RDAT
  • GREYSTUFF

Category

Malware

Type

  • Backdoor
  • Tunneling

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

52268b11-5917-4022-a87a-3cb14973ccb0

Last Card Change

2022-12-30