
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Sakula RAT

Names: Sakula RAT, Sakurel
Category: Malware
Type: Backdoor, Downloader, Exfiltration
Description: (SecureWorks) Sakula uses HTTP GET and POST communication for command and control (C2). Network communication is obfuscated with single-byte XOR encoding. Sakula also leverages single-byte XOR encoding to obfuscate various strings and files embedded in the resource section, which are subsequently used for User Account Control (UAC) bypass on both 32- and 64-bit systems.
Information:
<https://www.secureworks.com/research/sakula-malware-family>
<https://cyberthreatintelligenceblog.wordpress.com/2018/11/16/c0ld-case-from-aerospace-to-chinas-interests/>
<https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/sakula-an-adventure-in-dll-planting/>
<https://github.com/nccgroup/Cyber-Defence/tree/master/Technical%20Notes/Sakula>
MITRE ATT&CK: <https://attack.mitre.org/software/S0074/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.sakula_rat>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Sakula>
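The description above says Sakula hides both its C2 traffic and its embedded resources behind single-byte XOR. Because a single-byte key has only 256 possible values, an analyst can recover it from a captured blob without the sample's configuration. The script below is an added example written for this card, not code from SecureWorks, NCC Group or the Sakula authors: it first tries known-plaintext anchors (an HTTP request line for traffic, the "MZ" header for an embedded PE file) and falls back to scoring every candidate key by how much the output resembles English/ASCII text. The key values and the beacon and command-line contents are constructed for the demonstration and are not taken from real Sakula samples; the assumption that the obfuscated data starts at offset 0 is also the example's own.

```python
"""Recover a single-byte XOR key from an obfuscated blob and decode it.

Two strategies, in order:
  1. Known plaintext: if the blob is XOR-encoded HTTP or a PE file, the key
     is data[i] ^ expected[i] and must agree over the whole known prefix.
  2. Statistical: try all 255 non-zero keys and keep the one whose output
     scores highest on common ASCII-text characters.
"""

# Prefixes a decoded Sakula-style blob is likely to start with.
# Assumption for this example: the encoded data begins at offset 0.
KNOWN_PREFIXES = (b"GET ", b"POST ", b"HTTP/1.", b"MZ")

# Rough English frequency weights (space and the ten commonest letters).
_WEIGHTS = {
    " ": 13.0, "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5,
    "i": 7.0, "n": 6.7, "s": 6.3, "h": 6.1, "r": 6.0,
}
_NONPRINTABLE_PENALTY = -10.0


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; the operation is its own inverse."""
    return bytes(b ^ key for b in data)


def recover_key_known_plaintext(data: bytes, prefixes=KNOWN_PREFIXES):
    """Return the key implied by a known prefix, or None if no prefix fits."""
    for prefix in prefixes:
        if len(data) < len(prefix):
            continue
        key = data[0] ^ prefix[0]
        # A single-byte key must explain every byte of the prefix.
        if all(data[i] ^ prefix[i] == key for i in range(len(prefix))):
            return key
    return None


def text_score(data: bytes) -> float:
    """Score a candidate plaintext: reward common ASCII, punish control/high bytes."""
    score = 0.0
    for b in data:
        if b in (0x09, 0x0A, 0x0D):          # tab, LF, CR are fine in text
            continue
        if b < 0x20 or b >= 0x7F:            # control chars, DEL, non-ASCII
            score += _NONPRINTABLE_PENALTY
            continue
        score += _WEIGHTS.get(chr(b).lower(), 0.0)
    return score


def recover_key_statistical(data: bytes) -> int:
    """Pick the non-zero key whose output looks most like ASCII text.

    Key 0 is excluded: it leaves the data unchanged and would otherwise win
    for any blob that is already readable.
    """
    return max(range(1, 256), key=lambda k: text_score(xor_single_byte(data, k)))


def decode_blob(data: bytes):
    """Return (key, plaintext), trying known plaintext before statistics."""
    key = recover_key_known_plaintext(data)
    if key is None:
        key = recover_key_statistical(data)
    return key, xor_single_byte(data, key)


# Constructed sample 1: an HTTP POST beacon XOR-encoded with key 0x5A.
SAMPLE_KEY = 0x5A
SAMPLE_PLAINTEXT = (
    b"POST /index.asp HTTP/1.1\r\n"
    b"Host: example.invalid\r\n"
    b"Content-Length: 8\r\n\r\nhostname"
)
SAMPLE_ENCODED = xor_single_byte(SAMPLE_PLAINTEXT, SAMPLE_KEY)

# Constructed sample 2: an embedded command string with no known prefix,
# XOR-encoded with key 0x7F, so only the statistical path can recover it.
CONFIG_KEY = 0x7F
CONFIG_PLAINTEXT = b"cmd.exe /c whoami > C:\\Windows\\Temp\\out.txt"
CONFIG_ENCODED = xor_single_byte(CONFIG_PLAINTEXT, CONFIG_KEY)

if __name__ == "__main__":
    for blob in (SAMPLE_ENCODED, CONFIG_ENCODED):
        key, plaintext = decode_blob(blob)
        print(f"key 0x{key:02x}: {plaintext.decode('ascii', errors='replace')!r}")
```

When run against real captures, feed `decode_blob` the HTTP body or the raw resource-section bytes; if a sample XORs only part of a message, slice to the encoded region first, since the known-prefix check assumes the prefix sits at offset 0.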

Last change to this tool card: 14 May 2020


All groups using tool Sakula RAT

Changed | Name | Country | Observed

APT groups

  | APT 31, Judgment Panda, Zirconium | China | 2016
X | Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens | China | 2010-Oct 2018

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
