CISA Malware Analysis Report: ComRat

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has published a TLP:WHITE Malware Analysis Report (MAR) regarding a malware variant known as ComRAT. According to the MAR, this malware has been used by Turla, a Russian-sponsored Advanced Persistent Threat (APT) actor. This MAR is being distributed to enable network defense and reduced exposure to malicious activity. It contains a detailed description of the activities that were observed as well as lists of recommendations for users and administrators to apply to strengthen the security posture of their organization’s systems. The MAR states users or administrators should flag activity associated with the malware and report the activity to the CISA at CI*************@******hs.gov or 888-282-0870 or the FBI Cyber Watch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov and give the activity the highest priority for enhanced mitigation. Read the MAR at CISA.