Rewterz Threat Alert – Gh0st RAT – A Decades-Old Open-Source Remote Administration Tool (RAT) Seen Active In Recent Phishing Campaign – Active IOCs
Tags
country: | Bolivia China Hong Kong |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 |
Common Information
Type | Value |
---|---|
UUID | 7f46c75c-edff-49b5-b8b8-050a5f979403 |
Fingerprint | b7b00921aa556e8e |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | May 1, 2023, 10:52 a.m. |
Added to db | May 3, 2023, 1:20 p.m. |
Last updated | Dec. 19, 2024, 4:49 p.m. |
Headline | Rewterz Threat Alert – Gh0st RAT – A Decades-Old Open-Source Remote Administration Tool (RAT) Seen Active In Recent Phishing Campaign – Active IOCs |
Title | Rewterz Threat Alert – Gh0st RAT – A Decades-Old Open-Source Remote Administration Tool (RAT) Seen Active In Recent Phishing Campaign – Active IOCs |
Detected Hints/Tags/Attributes | 58/3/19 |
Source URLs

Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
365 | ✔ | — | https://www.rewterz.com/feed | 2024-08-30 22:08 |
Attributes

Type | #Events | CTI | Value |
---|---|---|---|
Domain | 3 | | api.youkesdt.asia |
Domain | 5 | | datacache.cloudservicesdevc.tk |
File | 3 | | sqlversion9.dll |
md5 | 3 | | 9e6c45b6b8b20bf3c5959dbba8f27117 |
md5 | 3 | | 96e4b47a136910d6f588b40d872e7f9d |
md5 | 3 | | 317f9ff06c076e87e5b1d11242396d5f |
md5 | 3 | | 4723a2a8f68c1eaf82809cff29b8e56f |
sha1 | 1 | | 3f92403135c5c9e2c7bba370fcc7a615ab429395 |
sha1 | 1 | | 0d2eae5df6a4bbf79ec8cd3505d00c4bdabf331e |
sha1 | 1 | | 29868086fe5adb4b32c0216d953c419b596246c7 |
sha1 | 1 | | c74dbcc5f60a3c7ee79932453db4a374fdde58e6 |
sha256 | 1 | | a7579376b40d4afb7535df9148b74143d23490c415eae5103de5ea1b3177f2c8 |
sha256 | 1 | | f788ed739241f79688653d27aeefd18c9d8142a31fe0b5342535e392c040dd9b |
sha256 | 1 | | 0e10625daf43a3f4c67f2840ced29d535d0307148819c8ec73a7e76241e9f644 |
sha256 | 1 | | d817badc2ec3677d18a6b7a3f7c17cee5c768928f8af89fe3427ac4c918f92ee |
IPv4 | 3 | | 61.160.223.114 |
Url | 3 | | https://api.youkesdt.asia/admin/down/hash/79b7c6ed-c4d8-4b36-b1cd-f968e6570010 |
Url | 3 | | http://datacache.cloudservicesdevc.tk/picturess/2023/sqlversion9.dll |
Url | 3 | | http://61.160.223.114:18076 |