Symbol: win.unidentified_066

Unidentified 066

Actor(s): Operation C-Major


This .NET executable can receive commands from its C2 server, upload and download files according to the returned content, perform an uninstall, or modify the registry to achieve persistence across reboots. At the end, it downloads a Python-based RAT called PeppyRAT.

References
2019-03-05 · Tencent · Tencent
TransparentTribe APT organizes 2019 attacks on Indian government and military targets
Crimson RAT, Unidentified 066, Operation C-Major

There is no Yara-Signature yet.