
Dark Caracal

aka: G0070

Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information.


Associated Families
jar.crossrat win.bandook

References
2023-02-10 | Electronic Frontier Foundation | Cooper Quintin
Uncle Sow: Dark Caracal in Latin America
https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america (accessed 2023-02-21)
Bandook

2021-07-19 | Proofpoint | Joe Wise, Konstantin Klinger, Selena Larson, Proofpoint Threat Research Team
New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware
https://www.proofpoint.com/us/blog/threat-insight/new-threat-actor-uses-spanish-language-lures-distribute-seldom-observed-bandook (accessed 2021-07-26)
Bandook

2021-07-07 | ESET Research | Fernando Tavella, Matías Porolli
Bandidos at large: A spying campaign in Latin America
https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/ (accessed 2021-07-09)
Bandook

2020-12-10 | Electronic Frontier Foundation | Cooper Quintin, Eva Galperin
Dark Caracal: You Missed a Spot
https://www.eff.org/deeplinks/2020/12/dark-caracal-you-missed-spot (accessed 2020-12-11)
Bandook

2020-11-26 | Checkpoint | Check Point Research
Bandook: Signed & Delivered
https://research.checkpoint.com/2020/bandook-signed-delivered/ (accessed 2020-12-01)
Bandook

2020-11-26 | Check Point | Checkpoint Research
Bandook: Signed & Delivered
https://research.checkpoint.com/2020/bandook-signed-delivered (accessed 2022-07-13)
Bandook, Dark Caracal

2019 | MITRE | MITRE ATT&CK
Group description: Dark Caracal
https://attack.mitre.org/groups/G0070/ (accessed 2019-12-20)
Dark Caracal

2018-01-24 | Objective-See | Patrick Wardle
Analyzing CrossRAT: A cross-platform implant, utilized in a global cyber-espionage campaign
https://objective-see.com/blog/blog_0x28.html (accessed 2019-11-27)
CrossRAT

2018-01-18 | Lookout | Andrew Blaich, Apurva Kumar, Jeremy Richards, Michael Flossman, Cooper Quintin, Eva Galperin
Dark Caracal: Cyber-espionage at a Global Scale
https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf (accessed 2020-06-08)
CrossRAT, Bandook, Dark Caracal

2016-08 | Electronic Frontier Foundation | Eva Galperin, Cooper Quintin, Morgan Marquis-Boire, Claudio Guarnieri
Operation Manul
https://www.eff.org/files/2018/01/29/operation-manul.pdf (accessed 2020-06-08)
jRAT, Bandook

Credits: MISP Project