SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.zuo_rat (Back to overview)

ZuoRAT

According to Black Lotus Labs, ZuoRAT is a MIPS file compiled for SOHO routers that can enumerate a host and internal LAN, capture packets being transmitted over the infected device and perform person-in-the-middle attacks (DNS and HTTPS hijacking based on predefined rules).

References
2023-07-18MandiantMandiant Intelligence
@online{intelligence:20230718:stealth:789e8b1, author = {Mandiant Intelligence}, title = {{Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection}}, date = {2023-07-18}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/chinese-espionage-tactics}, language = {English}, urldate = {2023-07-19} } Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection
BPFDoor SALTWATER SEASPY SideWalk ZuoRAT Daxin HyperBro HyperSSL Waterbear
2022-06-28LumenBlack Lotus Labs
@online{labs:20220628:zuorat:f60583e, author = {Black Lotus Labs}, title = {{ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks}}, date = {2022-06-28}, organization = {Lumen}, url = {https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/}, language = {English}, urldate = {2022-06-30} } ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks
ZuoRAT Cobalt Strike

There is no Yara-Signature yet.