CARROTBAT

Malware Profile Updated 13 days ago
Carrotbat is a malware family first discovered in December 2017 during an attack. The discovery was made by Unit 42, which dubbed the family "Carrotbat". It was found to be related to another attack on a British government agency through overlaps in the attack infrastructure, although there is no evidence that Carrotbat itself was used in that attack. The malware has been associated with a campaign called 'Fractured Block'. It can infiltrate systems via suspicious downloads, emails, or websites, with the potential to steal personal information, disrupt operations, or hold data for ransom.

Since its initial discovery, a total of 29 unique Carrotbat samples have been identified, containing 12 confirmed unique decoy documents. The group behind Carrotbat has been observed to increase the types and complexity of its payload delivery mechanisms over time, starting with simple Base64 strings and later leveraging Carrotbat itself and another malware family called Carrotball. The development and use of Carrotball alongside Carrotbat suggest that the group's previous infection methods might be becoming less effective.

Unit 42 continued to observe targeted Carrotbat activity into 2019, indicating that both Carrotbat and Carrotball were still being used by the Konni Group. In 2018, Unit 42 had released several blogs on the Konni Group's activities and identified two new malware families, Nokki and Carrotbat, that the group was using in its attacks. AutoFocus customers can track these samples using various tags including FracturedStatue, Syscon, Konni, Carrotbat, and Carrotball.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the CARROTBAT Malware was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia
MITRE | a year ago | The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks