win.roar_bat

RoarBAT

Actor(s): Sandworm


According to SOCRadar, this is a batch script that uses WinRAR to delete files with target file extensions from a disk.

References
2024-04-16 | Mandiant | Alden Wahlstrom, Anton Prokopenkov, Dan Black, Dan Perez, Gabby Roncone, John Wolfram, Lexie Aytes, Nick Simonian, Ryan Hall, Tyler McLellan
APT44: Unearthing Sandworm
VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm
2023-05-04 | SOCRadar | SOCRadar
Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
RoarBAT

There is no Yara-Signature yet.