Email campaigns leverage updated DBatLoader to deliver RATs, stealers
Tags
cmtmf-attack-pattern: Process Injection
country: Spain Turkey
maec-delivery-vectors: Watering Hole
attack-pattern: Data Cloud Services - T1021.007 Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Native Api - T1575 Phishing - T1660 Phishing - T1566 Process Hollowing - T1055.012 Process Injection - T1631 Execution Through Api - T1106 Hooking - T1179 Process Hollowing - T1093 Process Injection - T1055 Hooking
Show in Graph
Common Information
Type Value
UUID 7346957b-4b42-4aef-8ebc-27bcb984f388
Fingerprint 2e0d0983a1b63ee9
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 12, 2023, midnight
Added to db Oct. 23, 2023, 12:47 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Email campaigns leverage updated DBatLoader to deliver RATs, stealers
Title Email campaigns leverage updated DBatLoader to deliver RATs, stealers
Detected Hints/Tags/Attributes 67/4/11
Source URLs
Redirection Url
Details Source https://securityintelligence.com/posts/email-campaigns-leverage-updated-dbatloader-deliver-rats-stealers/
URL Provider
Details Provider Source level domain
Details securityintelligence.com securityintelligence.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 227 X-Force – Security Intelligence https://securityintelligence.com/category/x-force/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 6 
warzone.ws
Details Domain 71 
transfer.sh
Details File 10 
easinvoker.exe
Details File 12 
netutils.dll
Details File 39 
amsi.dll
Details File 10 
kdeco.bat
Details File 1 
o.bat
Details File 4 
sndvol.exe
Details File 11 
iexpress.exe
Details File 16 
colorcpl.exe
Details File 41 
wusa.exe