A Deep Dive into Brute Ratel C4 payloads – Part 2 – CYBER GEEKS
Common Information
Type Value
UUID 4d497996-a525-4a6f-aa81-3694903c8fd7
Fingerprint 6c140d13283828b9
Analysis status DONE
Considered CTI value 1
Text language
Published Sept. 27, 2023, midnight
Added to db Aug. 31, 2024, 2:31 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline A Deep Dive into Brute Ratel C4 payloads – Part 2
Title A Deep Dive into Brute Ratel C4 payloads – Part 2 – CYBER GEEKS
Detected Hints/Tags/Attributes 43/1/17
RSS Feed
Id   Enabled   Feed title    Url                            Added to db
91             CYBER GEEKS   https://cybergeeks.tech/feed/  2024-08-30 22:08
Attributes
Type               #Events   Value                                                                 CTI Value
Domain             2         deloitte.com.cn
Domain             281       docs.microsoft.com
Domain             4127      github.com
Domain             224       unit42.paloaltonetworks.com
Domain             12        www.mdsec.co.uk
Email              2         trial@deloitte.com.cn
File               18        logonui.exe
File               212       winlogon.exe
File               478       lsass.exe
File               2126      cmd.exe
Github username    19        mandiant
sha256             3         d71dc7ba8523947e08c6eec43a726fe75aed248dfd3a7c4f6537224e9ed05f6f
IPv4               2         45.77.172.28
Url                9         https://docs.microsoft.com/en-us/windows/win32/api
Url                3         https://github.com/mandiant/flare-fakenet-ng
Url                3         https://unit42.paloaltonetworks.com/brute-ratel-c4-tool
Url                1         https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel