{ "type": "bundle", "id": "bundle--14085587-a127-4b2a-8c81-940349e07194", "spec_version": "2.0", "objects": [ { "labels": [ "tool" ], "x_mitre_platforms": [ "Windows" ], "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_aliases": [ "ShimRatReporter" ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "id": "tool--115f88dd-0618-4389-83cb-98d33ae81848", "type": "tool", "created": "2020-05-12T21:29:48.294Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "external_id": "S0445", "source_name": "mitre-attack", "url": "https://attack.mitre.org/software/S0445" }, { "source_name": "FOX-IT May 2016 Mofang", "url": "https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf", "description": "Yonathan Klijnsma. (2016, May 17). Mofang: A politically motivated information stealing adversary. Retrieved May 12, 2020." } ], "modified": "2020-05-27T22:39:28.701Z", "name": "ShimRatReporter", "description": "[ShimRatReporter](https://attack.mitre.org/software/S0445) is a tool used by suspected Chinese adversary [Mofang](https://attack.mitre.org/groups/G0103) to automatically conduct initial discovery. The details from this discovery are used to customize follow-on payloads (such as [ShimRat](https://attack.mitre.org/software/S0444)) as well as set up faux infrastructure which mimics the adversary's targets. [ShimRatReporter](https://attack.mitre.org/software/S0445) has been used in campaigns targeting multiple countries and sectors including government, military, critical infrastructure, automobile, and weapons development.(Citation: FOX-IT May 2016 Mofang)", "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }