New WogRAT malware abuses online notepad service to store malware

March 5, 2024 at 03:28PM

The ‘WogRAT’ malware targets Windows and Linux, utilizing the ‘aNotepad’ platform to store and retrieve malicious code. Named by AhnLab Security Intelligence Center (ASEC), it has been active since late 2022, targeting Asian countries. The malware employs covert distribution methods to avoid detection, using an online, legitimate service for stealthier infection. WogRAT has multiple functions and versions for different systems, with the Windows version disguised as an Adobe tool and the Linux version employing Tiny Shell for its operations. ASEC has published a full list of indicators of compromise (IoCs) associated with WogRAT.

Key takeaways:

1. A new malware called ‘WogRAT’ has been identified by AhnLab Security Intelligence Center (ASEC) researchers, targeting both Windows and Linux systems.

2. The malware abuses the legitimate online notepad platform ‘aNotepad’ to host and retrieve malicious code, using base64 encoding to disguise the code as a legitimate file.

3. WogRAT features a Windows version that includes a malware downloader and a backdoor DLL, which allows it to send system profiles to a command and control (C2) server and execute various commands.

4. The Linux variant of WogRAT comes in ELF form and utilizes Tiny Shell for routing operations and additional encryption in its communication with the C2.

5. A notable difference in the Linux variant is that commands are not sent via POST requests but through a reverse shell created on a given IP and port.

6. It is important to be aware of the indicators of compromise (IoCs) relating to WogRAT, which can be found in ASEC’s report for further reference and action.
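
A defender-side check for the technique in item 2, as an added example that is not from ASEC's report or the original article: it scans text retrieved from a notepad or paste page for base64 runs that decode to a Windows PE or Linux ELF header. Checking for ELF as well as PE goes beyond what the article says is hosted on aNotepad; the function names and the sample inputs are constructed for illustration.

```python
import base64
import re
import struct

# Runs of >= 64 base64 characters, tolerating line wraps between 4-char groups.
B64_RUN = re.compile(
    r"(?:[A-Za-z0-9+/]{4}[\r\n]*){16,}"
    r"(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)

def classify(blob: bytes):
    """Return 'PE', 'ELF' or None based on the file header of the decoded bytes."""
    if blob[:4] == b"\x7fELF" and len(blob) > 4 and blob[4] in (1, 2):
        return "ELF"
    if blob[:2] == b"MZ" and len(blob) >= 0x40:
        # e_lfanew (offset 0x3C) must point at the 'PE\0\0' signature;
        # this rejects text that merely happens to decode to 'MZ'.
        (pe_off,) = struct.unpack_from("<I", blob, 0x3C)
        if blob[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "PE"
    return None

def find_encoded_executables(page_text: str):
    """Scan page text; return a list of (kind, offset_in_text, decoded_size)."""
    hits = []
    for m in B64_RUN.finditer(page_text):
        run = re.sub(r"[\r\n]", "", m.group(0))
        try:
            blob = base64.b64decode(run, validate=True)
        except ValueError:
            continue  # looked like base64 but does not decode cleanly
        kind = classify(blob)
        if kind:
            hits.append((kind, m.start(), len(blob)))
    return hits

# Constructed, inert samples: header-only stubs (no code) and a harmless note.
_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 60
SAMPLE_NOTE = "<div class='note'>\n" + base64.encodebytes(_stub).decode() + "</div>"
SAMPLE_ELF = base64.b64encode(b"\x7fELF\x02" + bytes(80)).decode()
SAMPLE_BENIGN = "<div class='note'>" + base64.b64encode(b"shopping list " * 8).decode() + "</div>"

if __name__ == "__main__":
    for name in ("SAMPLE_NOTE", "SAMPLE_ELF", "SAMPLE_BENIGN"):
        print(name, find_encoded_executables(globals()[name]))
```

Run over response bodies captured by a proxy or sandbox, a hit on traffic from a notepad or paste service is a strong signal that the page is being used as a payload host rather than for text.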
