Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Common Information
Type                           Value
UUID                           2a0e40ad-b5fe-49b0-b5ed-81600bc7f8a7
Fingerprint                    b407a447811fe983
Analysis status                DONE
Considered CTI value           2
Text language
Published                      May 16, 2022, midnight
Added to db                    Oct. 24, 2023, 1:46 p.m.
Last updated                   Nov. 18, 2024, 1:38 a.m.
Headline                       Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Title                          Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
Detected Hints/Tags/Attributes 53/4/18
Attributes
Details Type #Events CTI Value
Details Domain 1
collaboration-bw.de
Details Domain 1
baden-wuerttemberg.de
Details Domain 1
kleinm.de
Details Domain 1
2022-q2-bedrohungslage-ukraine.zip
Details File 1
2022-q2-bedrohungslage-ukraine.chm
Details File 4
status.txt
Details File 1
bedrohung-ukr.html
Details File 1
2022-q2-bedrohungslage-ukraine.zip
Details File 2127
cmd.exe
Details File 34
hh.exe
Details File 27
attrib.exe
Details sha256 1
2430f68285120686233569e51e2147914dc87f82c7dbdf07fe0c34dbb1aca77c
Details sha256 1
80bad7e0d5a5d2782674bb8334dcca03534aa831c37aebb5962da1cd1bec4130
Details sha256 1
a5d8beaa832832576ca97809be4eee9441eb6907752a7e1f9a390b29bbb9fe1f
Details sha256 1
fc71522a4125ca4bdc5e5deca4a6498e7f2da4408614c2e1284c3ae8c083a5fd
Details MITRE ATT&CK Techniques 695
T1059
Details MITRE ATT&CK Techniques 480
T1053
Details MITRE ATT&CK Techniques 265
T1222