| Field | Value |
|---|---|
| Names | RDAT |
| Category | Malware |
| Type | Backdoor, Tunneling |
| Description | (Palo Alto) The adversaries compiled the RDAT payload used in the attacks on the Middle Eastern telecommunications organization on March 1, 2020, and configured it to use a domain provided on the command line or the hardcoded domain rsshay[.]com as its C2 server. Unlike previous RDAT samples, this particular sample only uses DNS tunneling for its C2 communications, with no HTTP fallback channel. This RDAT sample can only use TXT queries in its DNS tunnel. |
| Information | <https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/> |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:rdat> |
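The card's one technical point is that this RDAT build talks to its C2 only through DNS TXT queries, with no HTTP fallback. The detector below is an added example for this card; it is not code from Unit 42, ThaiCERT or the malware. It scans resolver logs for a client that sends a burst of TXT queries with long, high-entropy, mostly unique subdomains under one apex domain, and separately matches the hardcoded C2 domain named on the card (rsshay[.]com, refanged). The log format `<epoch> <client_ip> <qname> <qtype>`, every log line, the apex-domain shortcut and all thresholds are assumptions; nothing about RDAT's actual subdomain encoding is taken from the page.

```python
"""
Heuristic detection of DNS tunnelling over TXT queries.

Added example for this tool card; not code from Unit 42, ThaiCERT or the
malware itself. It flags a client that sends a burst of TXT queries whose
subdomains are long, high-entropy and mostly unique, all under one apex
domain, and separately matches the C2 domain named on the card. The log
format, every log line below and all thresholds are constructed assumptions.
"""
import math
from collections import defaultdict

# Indicator taken from the card, refanged from rsshay[.]com.
KNOWN_C2_DOMAINS = {"rsshay.com"}

# Constructed resolver log, one query per line: "<epoch> <client_ip> <qname> <qtype>".
# Client 10.0.0.9 shows the pattern the card describes: TXT queries only.
SAMPLE_LOG = """\
1583020800 10.0.0.5 www.example.com A
1583020801 10.0.0.5 _dmarc.example.com TXT
1583020802 10.0.0.7 example.org TXT
1583020803 10.0.0.9 mfrggzdfmztwq2lkn5xq.rsshay.com TXT
1583020804 10.0.0.9 nbswy3dpeb3w64tmmqxa.rsshay.com TXT
1583020805 10.0.0.9 onswg4tfor2gk3tdmu3q.rsshay.com TXT
1583020806 10.0.0.9 krsxg5bamfxgi3drn5sq.rsshay.com TXT
1583020807 10.0.0.9 o5xxe3dembrxk5tuonxq.rsshay.com TXT
1583020808 10.0.0.9 mzxw6ytboi2qybgeb3q2.rsshay.com TXT
1583020809 10.0.0.5 mail.example.com MX
"""


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded payload labels score well above dictionary words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def apex_domain(qname: str) -> str:
    """Assumption: apex = last two labels. Use the Public Suffix List in
    production so that names under e.g. co.uk are grouped correctly."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line: str) -> dict:
    """Parse one line of the constructed log format."""
    ts, src, qname, qtype = line.split()
    return {"ts": int(ts), "src": src,
            "qname": qname.lower().rstrip("."), "qtype": qtype.upper()}


def analyze(log_text: str, min_queries: int = 5, min_label_len: int = 12,
            min_entropy: float = 3.0, min_unique_ratio: float = 0.8) -> list:
    """Return one finding per (client, apex) pair that matches a known C2
    domain or the tunnelling heuristic. Thresholds are assumptions to tune."""
    groups = defaultdict(list)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec["qtype"] == "TXT":  # the sample on the card uses TXT only
            groups[(rec["src"], apex_domain(rec["qname"]))].append(rec["qname"])

    findings = []
    for (src, apex), qnames in groups.items():
        # The leftmost label is where a DNS tunnel typically carries its data.
        labels = [q[: -len(apex) - 1].split(".")[0]
                  for q in qnames if q.endswith("." + apex)]
        avg_len = sum(map(len, labels)) / len(labels) if labels else 0.0
        avg_ent = sum(map(shannon_entropy, labels)) / len(labels) if labels else 0.0
        unique_ratio = len(set(qnames)) / len(qnames)
        heuristic = (len(qnames) >= min_queries and unique_ratio >= min_unique_ratio
                     and avg_len >= min_label_len and avg_ent >= min_entropy)
        known = apex in KNOWN_C2_DOMAINS
        if heuristic or known:
            findings.append({"src": src, "apex": apex, "txt_queries": len(qnames),
                             "avg_label_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2),
                             "known_c2": known, "tunnel_heuristic": heuristic})
    return sorted(findings, key=lambda f: (f["src"], f["apex"]))


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On the constructed log this reports only 10.0.0.9 against rsshay.com, hit by both the indicator match and the heuristic, while the single `_dmarc` and SPF-style TXT lookups from other clients stay below the burst threshold. The heuristic is deliberately independent of the indicator, since the card notes the C2 domain can also be supplied on the command line, so a fresh domain would evade a pure IOC match.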
Last change to this tool card: 23 July 2020
APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | OilRig, APT 34, Helix Kitten, Chrysene | | 2014-Apr 2020 |
1 group listed (1 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT)