NAME:
CARROTBAT
Alias:
Fractured Block
Description:
CARROTBAT is a dropper utilized in a campaign to deliver lures primarily pertaining to the South Korea and North Korea region.
Related activity was initially discovered in a December 2017 attack that used the SYSCON malware family against a British government agency. Palo Alto found infrastructure overlap between the CARROTBAT and KONNI malware families. Finding CARROTBAT provided an important keystone in identifying Fractured Block campaign activity, which enabled Palo Alto to find related OceanSalt, SYSCON and KONNI activity.