SYMBOLCOMMON_NAMEaka. SYNONYMS
win.roar_bat (Back to overview)

RoarBAT

Actor(s): Sandworm


According to SOCRadar, this is a batch script that uses WinRAR to delete files with target file extensions from a disk.

References
2023-05-04SOCRadarSOCRadar
@online{socradar:20230504:sandworm:da4d4f4, author = {SOCRadar}, title = {{Sandworm Attackers Use WinRAR to Wipe Data from Government Devices}}, date = {2023-05-04}, organization = {SOCRadar}, url = {https://socradar.io/sandworm-attackers-use-winrar-to-wipe-data-from-government-devices/}, language = {English}, urldate = {2023-07-20} } Sandworm Attackers Use WinRAR to Wipe Data from Government Devices
RoarBAT

There is no Yara-Signature yet.