Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 1c902c82-b801-4364-ac08-8dbf629763af |
| Fingerprint | b585bd1bafb70f89 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 4, 2024, 1:36 p.m. |
| Added to db | Nov. 4, 2024, 3:09 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT |
| Title | Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT |
| Detected Hints/Tags/Attributes | 94/3/102 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | controls.online |
|
| Details | Domain | 15 | slack.com |
|
| Details | Domain | 4 | check.torproject.org |
|
| Details | Domain | 35 | apt.win |
|
| Details | File | 3 | slackapi.dll |
|
| Details | File | 3 | userinfo.dll |
|
| Details | File | 12 | logs.txt |
|
| Details | File | 2 | controls.inf |
|
| Details | File | 3 | slackfiles.dll |
|
| Details | File | 25 | interop.dll |
|
| Details | File | 2 | appid.dll |
|
| Details | File | 2 | suitboot.php |
|
| Details | File | 2 | %appdata%\slackapi\rlogs.txt |
|
| Details | File | 2 | oneten.php |
|
| Details | File | 2 | applicationid.dll |
|
| Details | File | 2 | applicationinfo.dll |
|
| Details | File | 2 | 1307-js-9.pdf |
|
| Details | File | 2 | shakti-2024.pdf |
|
| Details | File | 2 | basefilterengine.dll |
|
| Details | File | 2 | basefilteringengine.dll |
|
| Details | File | 2 | spotifyab.zip |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 2 | spotifyab.dll |
|
| Details | File | 2 | extensionhelper_64.dll |
|
| Details | File | 2 | connectx.dll |
|
| Details | File | 2 | spotify-news.dll |
|
| Details | File | 2 | basefilter.dll |
|
| Details | File | 2 | spotify-desk.dll |
|
| Details | File | 2 | emergencybackup.dll |
|
| Details | File | 2 | aboutus.dll |
|
| Details | File | 2 | donateus.dll |
|
| Details | File | 2 | worddocument.dll |
|
| Details | md5 | 3 | 730f708f2788fc83e15e93edd89f8c59 |
|
| Details | md5 | 3 | 0cd16d0a2768b9ec0d980ccf875b2724 |
|
| Details | md5 | 3 | 0673341ccceeace3f0b268488f05db80 |
|
| Details | md5 | 3 | 2b1101f9078646482eb1ae497d44104c |
|
| Details | md5 | 3 | 795d1be0915ec60c764b7a7aa6c54334 |
|
| Details | md5 | 3 | 8703b910ece27b578f231ce5eb1afd8f |
|
| Details | md5 | 3 | 009cb6da5c4426403b82c79adf67021c |
|
| Details | md5 | 3 | 3a2c701408d94bbcdcf954793f6749bc |
|
| Details | md5 | 3 | 1bac7ea5a9558d937eaf0682523e6a06 |
|
| Details | md5 | 3 | d3fe72a3b9cb5055662e6a0e19b8f010 |
|
| Details | md5 | 3 | b54512bf0ed75a9f2dee26a4166461a2 |
|
| Details | md5 | 3 | ab127d76a40f1cb0cfd81ba1e786d983 |
|
| Details | md5 | 3 | b9d9e75a2e6b81277f2052a1f0b14e45 |
|
| Details | md5 | 3 | 58643299e340ae7b01efc67ef09ed369 |
|
| Details | md5 | 3 | 16ea7ce77c875a17049e9607323d1be4 |
|
| Details | md5 | 3 | 47990d1df44767ee3a6c4a6673ee76e9 |
|
| Details | md5 | 3 | 7ecaa3c5a647d671a9aa4369d4a43b83 |
|
| Details | md5 | 3 | af2ec3dcfdbb7771b0a7a3d2035e7e99 |
|
| Details | sha1 | 3 | 549d80d0d2c3e2cf3ea530f37bfc0b9fe0cbd5f4 |
|
| Details | sha1 | 3 | 88fd8d71d879257b6cbf2bc12b6493771b26d8a0 |
|
| Details | sha1 | 3 | bc62b98437abd81a1471633afb9cff5dd898cdf8 |
|
| Details | sha1 | 3 | 6ac91c9e6beeacd74c56dfde9025e54e221b016c |
|
| Details | sha1 | 3 | 86afc3e8046dfff3ec06bd50ae38f1da7797c3e2 |
|
| Details | sha1 | 3 | f7424286b6b5f8dbad86856ef178745e34c8e83a |
|
| Details | sha1 | 3 | f98019e637a2ae58d54ff903770b35eefb106432 |
|
| Details | sha1 | 3 | 0db24c0a4dd12e5fa412434222d81de8e2de4b3c |
|
| Details | sha1 | 3 | b7814d9f6f2096f5a9573ade52547a447eff33bb |
|
| Details | sha1 | 3 | c4c9aaeb74782cd9b5b8701d46e55cf299277215 |
|
| Details | sha1 | 3 | b09d059e8d6b87f3a6165e4d71901187d0aa99d5 |
|
| Details | sha1 | 3 | 115e612a4e653cd915d5fc07246a00369fe38cde |
|
| Details | sha1 | 3 | 1fc28b9e902dd2a8b771b1dc7ec3a62ad04fb02b |
|
| Details | sha1 | 3 | e5377172ee4bae1508405370ee41bee646837c04 |
|
| Details | sha1 | 3 | 0c9400e6b8c9244fd187a9f021d0da0b70b6f6fd |
|
| Details | sha1 | 3 | 43ac372b9cd05eefae3f50a0e487562759f3b0d9 |
|
| Details | sha1 | 3 | ee3162e649183490038da015e51750f23ae18d0f |
|
| Details | sha1 | 3 | 2e8139275a48cd048c21e1942b673ae0781dd0b8 |
|
| Details | sha256 | 3 | 06d9662572a47d31a51adf1e0085278e0233e4299e0d7477e5e4a3a328dea9d1 |
|
| Details | sha256 | 3 | a7fd97177186aff9f442beb9da6b1ab3aff47e611b94609404e755dd2f97dce8 |
|
| Details | sha256 | 3 | 70bafcf666e8e821212f55ea302285bb860d2b7c18089592a4a093825adbaa71 |
|
| Details | sha256 | 3 | 60b0b6755cf03ea8f6748a1e8b74a80a3d7637c986df64ee292f5ffefcd610a2 |
|
| Details | sha256 | 3 | 7e04e62f337c5059757956594b703fc1a995d436c48efa17c45eb0f80af8a890 |
|
| Details | sha256 | 3 | 2b6a273eae0fb1835393aea6c30521d9bf5e27421c2933bfb3beee8c5b27847e |
|
| Details | sha256 | 3 | d66ba4ee97a2f42d85ca383f3f61a2fac4f0b374aad1337f5f29245242f2d990 |
|
| Details | sha256 | 3 | dca78e069bfd9ca4638b4f9cb21dff721530d16924e502c03d8c9aa334b7ca0d |
|
| Details | sha256 | 3 | 348c0980c61d7c682cce7521aaad13a20732f7115cb5559729b86ca255f1af7f |
|
| Details | sha256 | 3 | 6f839ded49ebf1dad014d79fbab396e2067c487685556a8402f3acdeb1600d98 |
|
| Details | sha256 | 3 | 0a52c0ac04251ac1a8bc193af47f33136ae502b0c237de5236d1136acc3b1140 |
|
| Details | sha256 | 3 | b41e1d6340388b08694ae649a54fa09372f92f4038fd84259a06716fa706b967 |
|
| Details | sha256 | 3 | 6296fb22d94d1956fda2a6a48b36e37ddd15cf196c434ab409c787bf8aa47ac3 |
|
| Details | sha256 | 3 | 263f9e965f4f0d042537034e33699cf6d852fb8a52ac320a0e964ce96c48f5e5 |
|
| Details | sha256 | 3 | 8d552547fe045f6006f113527eb5dd4a8d5918c989bf11090c7cb44806d595be |
|
| Details | sha256 | 3 | 308c84c68c18af8458ae61afe1f2eec78f229e188724e271bd192a144fd582fc |
|
| Details | sha256 | 3 | b9e10e83a270e1995acaceb88ce684fb97df6156a744565b20b6ec3bc08c2728 |
|
| Details | sha256 | 3 | b30a9e31b0897bfe6ab80aebcd0982eecf68e9d3d3353c1e146f72195cef0ef5 |
|
| Details | IPv4 | 3 | 83.171.248.67 |
|
| Details | IPv4 | 3 | 38.54.84.83 |
|
| Details | IPv4 | 3 | 84.247.135.235 |
|
| Details | IPv4 | 3 | 143.110.179.176 |
|
| Details | IPv4 | 3 | 64.227.134.248 |
|
| Details | Threat Actor Identifier - APT | 121 | APT36 |
|
| Details | Url | 2 | https://slack.com/api/conversations.history?channel=c06bm9xtvas&count=1&limit=1 |
|
| Details | Url | 2 | https://slack.com/api/chat.postmessage |
|
| Details | Url | 2 | https://slack.com/api/files.upload |
|
| Details | Url | 2 | http://83.171.248.67/suitboot.php |
|
| Details | Url | 2 | http://83.171.248.67/oneten.php |
|
| Details | Url | 2 | http://38.54.84.83/middleware/newclient |
|
| Details | Url | 2 | https://check.torproject.org/api/ip |
|
| Details | Url | 2 | http://38.54.84.83/middleware/gettask |
|
| Details | Url | 2 | http://38.54.84.83/uploads |
|
| Details | Url | 2 | http://84.247.135.235:8080/phenomenon/spotifyab.zip:!rundll32.exe:!spotifyab.dll:!spotifyab.zip |