BIOPASS RAT Malware Targets Its Victims via Watering Hole Attacks


Researchers found a new RAT (Remote Access Trojan) named BIOPASS that uses a watering hole attack to trick users into downloading a malware loader masquerading as a legitimate installer for well-known software such as Adobe Flash Player or Microsoft Silverlight [1].

Masquerading (MITRE ATT&CK T1036) is a defense evasion technique in which adversaries give their malicious artifacts the features of legitimate, trusted ones, such as code signatures, the names and locations of files, and the names of tasks and services. After masquerading, the adversary's artifacts, such as malware files, appear legitimate to users and to security controls. The malware downloader payload of BIOPASS RAT is disguised as a legitimate installer for well-known applications, using their names and icons.
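The technique above lends itself to a cheap triage rule: a downloaded executable whose file name borrows a well-known installer brand (Adobe Flash Player or Microsoft Silverlight, the two named in this write-up) but that carries no embedded Authenticode certificate table is worth a closer look. The script below is an added example written for this post, not Picus or Trend Micro code. The brand patterns, the verdict labels and the synthetic PE32+ images it builds for demonstration are all constructed; it only checks whether the PE security data directory is populated, it does not validate a signature chain.

```python
"""Triage heuristic for installer masquerading (MITRE ATT&CK T1036).

Added example for this write-up, not code from Picus or from the BIOPASS
report. Flags an executable whose file name imitates a well-known installer
brand while the PE image has no embedded certificate table.
"""
import re
import struct

# Constructed: installer brands the BIOPASS loader impersonates, per the report.
IMPERSONATED_BRANDS = {
    "Adobe Flash Player": re.compile(r"flash.?player", re.I),
    "Microsoft Silverlight": re.compile(r"silverlight", re.I),
}

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Certificate Table slot in the PE data directories


def has_certificate_table(data: bytes):
    """True/False if `data` is a PE image with/without a certificate table,
    None if it is not a parseable PE image at all."""
    try:
        if data[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
            return None
        opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        # Data directories begin at offset 96 (PE32) or 112 (PE32+) of the optional header.
        dir_base = {0x10B: 96, 0x20B: 112}.get(magic)
        if dir_base is None:
            return None
        entry = opt + dir_base + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
        _va, size = struct.unpack_from("<II", data, entry)
        return size != 0
    except struct.error:
        return None  # truncated header


def impersonated_brand(filename: str):
    """Name of the brand the file name imitates, or None."""
    for brand, pattern in IMPERSONATED_BRANDS.items():
        if pattern.search(filename):
            return brand
    return None


def triage_installer(filename: str, data: bytes) -> str:
    """Verdicts (constructed labels): 'benign', 'unsigned-brand-installer',
    'not-a-pe-with-brand-name'. Files without a brand name are left alone."""
    brand = impersonated_brand(filename)
    if brand is None:
        return "benign"
    signed = has_certificate_table(data)
    if signed is None:
        return "not-a-pe-with-brand-name"
    return "benign" if signed else "unsigned-brand-installer"


def build_synthetic_pe32plus(with_certificate: bool) -> bytes:
    """Constructed minimal PE32+ header, just enough for the parser above to walk."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)  # AMD64, 240-byte optional header
    opt = struct.pack("<H", 0x20B).ljust(112, b"\x00")           # PE32+ magic, remaining fields zeroed
    dirs = [(0, 0)] * 16
    if with_certificate:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x400, 0x200)  # pretend a certificate table exists
    opt += b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    return dos + b"PE\x00\x00" + coff + opt


if __name__ == "__main__":
    samples = [
        ("flashplayer_install.exe", build_synthetic_pe32plus(False)),
        ("Silverlight_x64.exe", build_synthetic_pe32plus(True)),
        ("flashplayer.exe", b"#!/bin/sh\n"),
        ("notes.exe", build_synthetic_pe32plus(False)),
    ]
    for name, blob in samples:
        print(f"{name:28s} -> {triage_installer(name, blob)}")
```

A populated certificate table only says that something is attached; the verdict for a flagged file should be confirmed with a real signature check (for example `Get-AuthenticodeSignature` on Windows) and a hash lookup before it is treated as a true positive.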

Assessing the file system, remote desktop connection, collecting data from web browsers and instant messaging clients, exfiltrating the collected data and files, and executing shell commands are the basic functionalities of the BIOPASS malware. In addition to these common RAT features, BIOPASS RAT abuses the Open Broadcaster Software (OBS) Studio framework to capture the victim's screen and start a live broadcast to a cloud service over the Real-Time Messaging Protocol (RTMP).
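The OBS/RTMP behaviour described above is unusual enough on a workstation to hunt for: an outbound connection on the default RTMP port (TCP 1935) from anything other than a sanctioned OBS Studio install is a strong lead. The rule below is an added example for this post, not Picus or Trend Micro code. The key=value log format is a constructed, Sysmon-like layout rather than a real product schema, the sanctioned OBS directory is an assumption, and the sample lines (paths, IPs, file names) are made up for the demonstration.

```python
"""Hunting rule for BIOPASS-style screen streaming over RTMP.

Added example for this write-up, not Picus or Trend Micro code. Assumes a
constructed key=value network-connect log and an assumed sanctioned OBS
install directory; everything in SAMPLE_LOG is constructed.
"""
import re
from dataclasses import dataclass

RTMP_PORTS = {1935}  # default RTMP port; RTMPS over 443 is out of scope for this rule
# Assumption: where a sanctioned OBS Studio install lives on managed hosts.
SANCTIONED_OBS_DIR = "c:\\program files\\obs-studio\\"

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    timestamp: str
    image: str
    dest: str
    reason: str


def parse_line(line: str) -> dict:
    """Split a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def evaluate(event: dict):
    """Return a Finding if the event looks like rogue RTMP streaming, else None."""
    if event.get("event") != "NetworkConnect" or event.get("proto") != "tcp":
        return None
    try:
        port = int(event.get("dest_port", -1))
    except ValueError:
        return None
    if port not in RTMP_PORTS:
        return None
    image = event.get("image", "")
    image_l = image.lower()
    if image_l.startswith(SANCTIONED_OBS_DIR):
        return None  # sanctioned OBS streaming is the accepted baseline
    basename = image_l.rsplit("\\", 1)[-1]
    if "obs" in basename:
        reason = "OBS binary running outside the sanctioned install directory"
    else:
        reason = "non-OBS process speaking RTMP"
    dest = f'{event.get("dest_ip", "?")}:{port}'
    return Finding(event.get("ts", "?"), image, dest, reason)


def hunt(lines):
    """Run every log line through the rule and return the list of findings."""
    findings = []
    for line in lines:
        finding = evaluate(parse_line(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry, not captured from a real host.
SAMPLE_LOG = [
    'ts=2021-07-09T10:01:02Z event=NetworkConnect image="C:\\Program Files\\obs-studio\\bin\\64bit\\obs64.exe" dest_ip=203.0.113.10 dest_port=1935 proto=tcp',
    'ts=2021-07-09T10:03:15Z event=NetworkConnect image="C:\\Users\\victim\\AppData\\Roaming\\ffmpeg\\obs-ffmpeg-mux.exe" dest_ip=203.0.113.77 dest_port=1935 proto=tcp',
    'ts=2021-07-09T10:03:20Z event=NetworkConnect image="C:\\ProgramData\\flash\\update.exe" dest_ip=198.51.100.5 dest_port=1935 proto=tcp',
    'ts=2021-07-09T10:04:00Z event=NetworkConnect image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" dest_ip=198.51.100.9 dest_port=443 proto=tcp',
    'ts=2021-07-09T10:05:00Z event=ProcessCreate image="C:\\Windows\\System32\\cmd.exe"',
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f.timestamp} {f.reason}: {f.image} -> {f.dest}")
```

Port-based matching is the cheapest signal; where network telemetry carries protocol identification, keying on the RTMP handshake itself rather than the port removes the blind spot of streaming to a non-default port.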

Picus Labs has updated the Picus Threat Library with new attack methods for malware samples used by the BIOPASS RAT.

Picus ID   Threat Name
420231     BIOPASS RAT .EXE File Download Variant-1
784483     BIOPASS RAT .EXE File Download Variant-2
726967     BIOPASS RAT .EXE File Download Variant-3
276536     BIOPASS RAT .EXE File Download Variant-4


Other RAT (Remote Access Trojan) Malware in the Picus Threat Library

The Picus Threat Library contains 446 threats for Remote Access Trojans / Remote Access Tools, including HabitsRAT, DarkComet, SystemBC, DueDLLigence, TrimBishop, CRAT, ComRAT, Taidoor, NanoCore, Blindingcan, GoldenSpy, Dark Crystal, PoetRAT, Netwire, ZxShell, CrimsonRAT, Loda, JhoneRAT, PyXie, SectopRAT, RevengeRAT, Remcos, Neuvert, NukeSped, Bitter, Ratatouille, Warzone RAT, Proyecto RAT, Imminent RAT, Saefko, Zeroaccess, and PlugX.

References

[1] https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html