RIPTIDE

RIPTIDE is a proxy-aware backdoor used by APT12. [1]

ID: S0003
Aliases: RIPTIDE
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1043 | Commonly Used Port | RIPTIDE is a RAT that communicates with HTTP.[1] |
| Enterprise | T1071 | Standard Application Layer Protocol | APT12 has used RIPTIDE, a RAT that uses HTTP to communicate.[1] |
| Enterprise | T1032 | Standard Cryptographic Protocol | APT12 has used the RIPTIDE RAT, which communicates over HTTP with a payload encrypted with RC4.[1] |

Groups

Groups that use this software:

APT12

References