Skip to content

Hide Navigation Hide TOC

UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f)

UBoatRAT is a remote access tool that was identified in May 2017.(Citation: PaloAlto UBoatRAT Nov 2017)

Cluster A Galaxy A Cluster B Galaxy B Level
UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 1
UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f) Malware BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) Attack Pattern 1
UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 1
UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f) Malware Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 1
UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
UBoatRAT - S0333 (518bb5f1-91f4-4ff2-b09d-5a94e1ebe95f) Malware System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 1
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d) Attack Pattern System Checks - T1497.001 (29be378d-262d-4e99-b00d-852d573628e6) Attack Pattern 2