Ratsnif

Ratsnif is a remote access trojan used in cyber-espionage campaigns by the OceanLotus group. It can set up a remote shell and perform ARP poisoning (to route traffic through Ratsnif), DNS spoofing, and HTTP redirection. It can also modify web pages and perform SSL hijacking. A configuration file makes several features more efficient: HTTP injection, protocol parsing, and SSL hijacking with separately supplied SSL certificates.

Technical Details

  • Bleeping Computer provides a technical analysis of Ratsnif here.
