Sakula RAT

Description

(SecureWorks) Sakula uses HTTP GET and POST communication for command and control (C2). Network communication is obfuscated with single-byte XOR encoding. Sakula also leverages single-byte XOR encoding to obfuscate various strings and files embedded in the resource section, which are subsequently used for User Account Control (UAC) bypass on both 32-bit and 64-bit systems.

Names

  • Sakula RAT
  • Sakula
  • Sakurel
  • VIPER

Category

Malware

Type

  • Backdoor
  • Downloader
  • Exfiltration

Information

MITRE ATT&CK

Malpedia

AlienVault OTX

Other Information

UUID

60bcd6ad-2ac9-4ca8-82d2-54b200d0b098

Last Card Change

2022-12-30