Reaver

Malware Profile Updated 3 months ago
Reaver is malware that was discovered to share code with Mirage, another piece of malware, as evidenced by a code reuse analysis report (SHA256: 28d6a9a709b9ead84aece250889a1687c07e19f6993325ba5295410a478da30a). Both have been attributed to Chinese government-affiliated groups. The discovery was made during a VirusTotal hunting exercise, in which a new version of the Remote Access Trojan (RAT) was found through a YARA signature created from code unique to both Mirage and Reaver.

Like its counterpart, Reaver operates by acquiring the IP address or domain of the Command & Control (C&C) server, the port, the name of the binary, a sleep timer, and what Palo Alto refers to as a "campaign identifier". These operations were detailed in a post by Palo Alto Networks' research center. This information allows the malware to communicate with its C&C server and carry out its malicious activities, which include stealing personal data, disrupting operations, and potentially holding user data for ransom.

The ties between Reaver, Mirage, and the Chinese government-affiliated groups reveal a sophisticated level of cyber espionage and threat activity. The shared code between Reaver and Mirage indicates a possible connection or common source, suggesting an organized, state-sponsored cyber operation. As such, it is crucial for individuals and organizations to maintain robust cybersecurity measures to protect against such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
RAT
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Reaver Malware was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | MirageFox: APT15 Resurfaces With New Tools Based On Old Ones - Intezer