
Threat Group Cards: A Threat Actor Encyclopedia

Tool: LIGHTDART

Names: LIGHTDART
Category: Malware
Type: Downloader
Description: LIGHTDART is a tool used to access a pre-configured web page that hosts an interface to query a database or data set. The tool then downloads the results of a query against that web page to an encrypted RAR file. This RAR file (1.rar) is renamed and uploaded to an attacker-controlled FTP server, or uploaded via an HTTP POST with a .jpg extension. The malware will execute this search once a day. The target web page usually contains information useful to the attacker, which is updated on a regular basis. Examples of targeted information include weather information or ship coordinates.
Information: <http://contagiodump.blogspot.com/2013/03/mandiant-apt1-samples-categorized-by.html>

Last change to this tool card: 19 April 2020


All groups using tool LIGHTDART

Changed | Name | Country | Observed

APT groups

 | Comment Crew, APT 1 | China | 2006-May 2018 | X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
