Rewterz Threat Alert – Nanocore RAT – IOCs - Rewterz
Tags
attack-pattern: | Malware - T1587.001 Malware - T1588.001 |
Common Information
Type | Value |
---|---|
UUID | 3de3f968-c678-4b2f-967d-69a73a9d5282 |
Fingerprint | 87bfb6676f9fef09 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Oct. 1, 2020, 4:16 p.m. |
Added to db | Dec. 19, 2024, 8:18 p.m. |
Last updated | Dec. 20, 2024, 3:13 p.m. |
Headline | Rewterz Threat Alert – Nanocore RAT – IOCs |
Title | Rewterz Threat Alert – Nanocore RAT – IOCs - Rewterz |
Detected Hints/Tags/Attributes | 21/1/18 |
Source URLs
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 5 | admindepartment.ir |
|
Details | Domain | 1 | reporte.pdf.zip |
|
Details | Domain | 2 | greenhillsrishikesh.com |
|
Details | Domain | 3 | s3.rokket.space |
|
Details | Domain | 131 | cdn.discordapp.com |
|
Details | IPv4 | 1 | 5.135.73.86 |
|
Details | IPv4 | 1 | 35.157.92.120 |
|
Details | IPv4 | 1 | 5.135.73.120 |
|
Details | Url | 1 | http://admindepartment.ir/notepaq/bknu.exe |
|
Details | Url | 1 | http://5.135.73.86/zero.exe |
|
Details | Url | 1 | http://35.157.92.120/nass.exe |
|
Details | Url | 1 | http://5.135.73.120/zero.exe |
|
Details | Url | 1 | https://vwl0ka.bn.files.1drv.com/y4mricso8-5migge9shqjjrlvouo4lzm9x3amjob8jwhdw7gteoud4j33txgb2pjwhzsd59rxxgpclz4wzrntjgmomgb2swmrzbtmybp5krfqmnlb_ntpbmbfyyuwarclrsexxrmc9ar9qj23jroq5e1beg_9rb5epjhyf_x_5fzfihnduuggv5rxgr7hoy8b6hnkb5dxx-bevq-kph96kxa/pago |
|
Details | Url | 2 | https://huh.canto.com/rest/share/album/lo5om/rest/binary/other/plehtpdqal747842kiuc2v4272/download |
|
Details | Url | 2 | https://qh6ohq.am.files.1drv.com/y4mkvn4ytqicrevrmekrzj3o7lbsby0cqclbnusrevobutviifjvjwiurwxy3xvdjd8jjr6fdsvtjh4w63lubg7eaohre5kb6xrrca4trvo5yhux9bxqctzdoelh3vhlnji5fvbxyhljdkdph4lwf8hxaukaolqlqbmeb5odbmeljegnhmr9wulombfzbtfsbiafm3qqfjiykkxxuapmskq/swift |
|
Details | Url | 2 | https://greenhillsrishikesh.com/nel.exe |
|
Details | Url | 2 | https://s3.rokket.space/t_fr7ouh.txt |
|
Details | Url | 2 | http://cdn.discordapp.com/attachments/600109736821784578/638103447845077082/svchost.exe |