Go RAT, Go! AthenaGo points “TorWords” Portugal
Tags
| country: | Portugal |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 3eb4b969-ebad-4c7b-a9e2-4a18bc70d016 |
| Fingerprint | ad041f098dfb869b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 8, 2017, 12:24 p.m. |
| Added to db | Oct. 9, 2022, 4:12 p.m. |
| Last updated | Sept. 4, 2024, 3:55 a.m. |
| Headline | Vulnerability Information |
| Title | Go RAT, Go! AthenaGo points “TorWords” Portugal |
| Detected Hints/Tags/Attributes | 63/3/13 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.talosintelligence.com/2017/02/athena-go.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | teenhangout.tk |
|
| Details | Domain | 2 | msguard.zip |
|
| Details | Domain | 2 | athenabeicoxjr2l.onion.to |
|
| Details | Domain | 2 | athenabeicoxjr2l.onion.link |
|
| Details | Domain | 3 | canihazip.com |
|
| Details | File | 2 | msguard.zip |
|
| Details | File | 2 | %userprofile%\start menu\programs\startup\msguard.exe |
|
| Details | File | 2 | %appdata%\microsoft\windows\start menu\programs\startup\msguard.exe |
|
| Details | sha256 | 2 | 518362bce6243d6040bbf6fc1840c42450eeb03b7d7b47b232c1569a92de7f91 |
|
| Details | sha256 | 2 | 009f9f92b65b552ae195030ed48e787b249067aa26de3102718823807063afb5 |
|
| Details | sha256 | 2 | af385c983832273390bb8e72a9617e89becff2809a24a3c76646544375f21d14 |
|
| Details | sha256 | 2 | c32fb305903a22106c6d3def0ac6c05b4f16cba99e23527b6c61d617ea794b1d |
|
| Details | sha256 | 2 | 72d87b225b83ffb4f9c1595a12e6d6e296895b4202cdece01b28bbac0d13b449 |