BIOPASS RAT New Malware Sniffs Victims via Live Streaming
Common Information
Type Value
UUID 893f1984-5945-4d5c-a6b1-e95caaac00bc
Fingerprint afb88cfc3de7264c
Analysis status DONE
Considered CTI value 2
Text language
Published July 9, 2021, midnight
Added to db Oct. 15, 2024, 3:48 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline BIOPASS RAT: New Malware Sniffs Victims via Live Streaming
Title BIOPASS RAT New Malware Sniffs Victims via Live Streaming
Detected Hints/Tags/Attributes 93/3/176
Attributes (grouped by type; each row is "#Events  Value". The per-row "Details" links and the empty "CTI Value" column of the source listing are dropped.)

Domain
   52  socket.io
    3  download.google-images.ml
    2  trojan.win32.cobeacon.bg   (AV detection name lowercased by extraction, not a domain)
   14  files.zip                  (file name, also listed under File and in the URLs below)
    2  webplus-cn-hongkong-s-5faf81e0d937f14c9ddbe5a0.oss-cn-hongkong.aliyuncs.com
    2  softres.oss-accelerate.aliyuncs.com
    2  flashdownloadserver.oss-cn-hongkong.aliyuncs.com
    2  lualibs.oss-cn-hongkong.aliyuncs.com
    2  bps-rhk.oss-cn-hongkong.aliyuncs.com
    2  wxdget.oss-cn-hongkong.aliyuncs.com
    2  chinanode.microsoft-update-service.com
    2  0x3s.com
    2  update.flash-installer.com
    2  update.flash-installers.com
    2  flash.com.cm
    2  flash.com.se
    2  flashi.com.cn
    2  flash.co.cm
    2  microsoft.update.flash.com.se
    2  servicehub.zip             (file name, also listed under File and in the URLs below)

File
    2  cdaemon.txt
    2  c1222.txt
    2  sc3.txt
    2  x64.txt
   22  big.txt
    3  online.txt
    2  bps.key
  118  sc.exe
   17  everything.exe
    3  ffmpeg.exe
    5  obs64.exe
   15  frpc.exe
    2  vdwm.exe
    2  micromsg.db
    3  trojanspy.py
   12  trojan.py
    2  sc2.txt
   13  s.txt
   11  x.txt
    2  getwechatdb.txt
    2  wechat.txt
    2  xss_spoof.zip
   15  x.js
   52  trojan.js
    4  script.txt
    6  xss.txt
   19  trojan.html
    8  flash.exe
    2  test-ticker.exe
    2  silverlight_ins.exe
    2  flash_installer.exe
   46  system.exe
    3  test3.exe
    2  flash1.exe
    2  flash-64.exe
   58  test.exe
    3  test4.exe
    2  silverlight.exe
    2  test-flash.exe
    2  flashplayerpp_install_cn.exe
    2  f0b96efe2f714e7bddf76cc90a8b8c88_se.exe
    6  news.exe
    2  flash_ins.exe
    2  silverlight1.exe
    2  silverlight2.exe
    2  flash2.exe
    3  flashplayer_install_cn.exe
   16  64.exe
    2  aos.exe
    2  socketio.exe
    2  flash_ins_bak.exe
   15  files.zip
    2  fn.exe
    3  systemsetting.exe
    2  yizhi_signed.exe
   12  beep.sys
    2  servicehub.zip

sha1
    2  efb70718bc00393a01694f255a28e30e9d2142a4
    2  8ce020aa874902c532b9911a4dca8effa627dc80

sha256
    2  c47fabc47806961f908bed37d6b1bbbfd183d564a2d01b7cae87bd95c20ff8a5
    2  e5fdb754c1a7c36c288c46765c9258bb2c7f38fa2a99188a623182f877da3783
    3  a7e9e2bec3ad283a9a0b130034e822c8b6dfd26dda855f883a3a4ff785514f97
    2  f3c96145c9d6972df265e12accfcd1588cee8af1b67093011e31b44d0200871f
    2  0f8a87ca5f94949904804442c1a0651f99ba17ecf989f46a3b2fde8de455c4a4
    2  d8b1c4ad8f31c735c51cb24e9f767649f78ef5c571769fbaac9891c899c33444
    2  ee4150f18ed826c032e7407468beea3b1f738ba80b75a6be21bb8d59ee345466
    2  34be85754a84cc44e5bb752ee3a95e2832e7be1f611dd99e9a1233c812a6dad2
    2  f21decb19da8d8c07066a78839ffd8af6721b1f4323f10a1df030325a1a5e159
    2  40ab025d455083500bfb0c7c64e78967d4d06f91580912dccf332498681ebaf6
    2  e479823aa41d3f6416233dba8e765cf2abaa38ad18328859a20b88df7f1d88d5
    2  e567fd0f08fdafc5a89c9084373f3308ef464918ff7e4ecd7fb3135d777e946d
    2  0c8c11d0206c223798d83d8498bb21231bbeb30536a20ea29a5d9273bc63313d
    2  00977e254e744d4a242b552d055afe9d6429a5c3adb4ba169f302a53ba31795d
    2  dbb6c40cb1a49f4d1a5adc7f215e8e15f80b9f0b11db34c84e74a99e41671e06
    2  bdf7ebb2b38ea0c3dfb13da5d9cc56bf439d0519b29c3da61d2b2c0ab5bc6011
    2  e3183f52a388774545882c6148613c67a99086e5eb8d17a37158fc599ba8254b
    2  d3956e237066a7c221cc4aaec27935d53f14db8ab4b1c018c84f6fccfd5d0058
    2  4e804bde376dc02daedf7674893470be633f8e2bda96fa64878bb1fcf3209f60
    2  05d1c273a4caeae787b2c3faf381b5480b27d836cd6e41266f3eb505dcee6186
    2  0b16dfa3e0bbcc7b04a9a43309e911059a4d8c5892b1068e0441b177960d3eee
    2  0f18694b400e14eb995003541f16f75a5afc2478cc415a6295d171ba93565a82
    2  11b785e77cbfa2d3849575cdfabd85d41bae3f2e0d33a77e7e2c46a45732d6e4
    2  2243c10b1bd64dfb55eda08bc8b85610d7fa5ba759527b4b4dd16dfac584ef25
    2  2b580af1cdc4655ae75ef503aba7600e05cdd68b056a9354a2184b7fbb24db6f
    2  30a65a54acfbf8d412ade728cad86c5c769befa4e456f7c0e552e1ab0862a446
    2  30d9ffd4b92a4ed67569a78ceb25bb6f66346d1c0a7d6d6305e235cbdfe61ebe
    2  3195c355aa564ea66b4b37baa9547cb53dde7cf4ae7010256db92fff0bde873d
    2  32a3934d96a8f2dae805fa28355cd0155c22ffad4545f9cd9c1ba1e9545b39ac
    2  32c1460ba5707783f1bbaedab5e5eab21d762094106d6af8fa6b2f0f0d777c1a
    2  344cdbc2a7e0908cb6638bc7b81b6b697b32755bad3bed09c511866eff3876c7
    2  3589e53c59d9807cca709387bbcaaffc7e24e15d9a78425b717fc55c779b928e
    2  36e3fcd6a4c7c9db985be77ea6394b2ed019332fdae4739df2f96a541ea52617
    2  5d7aa3474e734913ecb4b820c0c546c92f7684081c519eecd3990e11a19bf2ba
    2  5fd2da648068f75a4a66b08d6d93793f735be62ae88085a79d839b6a0d6d859a
    2  660cef8210f823acb0b31d78fbce1d6f3f8c4f43231286f7ac69f75b2c42c020
    2  6a0976e5f9d07ff3d80fa2958976183758ba5fcdd4645e391614a347b4b8e64b
    2  75e03f40a088903579a436c0d8e8bc3d0d71cf2942ad793cc948f36866a2e1ad
    2  7d0d7d416db5bd7201420982987e213a129eef2314193e4558a24f3c9a91a38e
    2  7f4e02a041ca7cfbdc79b96a890822fd7c37be67b1f6c9e07596e6aec57ccdc0
    2  8445c0189735766edf0e3d01b91f6f98563fef272ac5c92d3701a1174ad072dd
    2  8b5d4840bbdce0798950cd5584e3d4564581a7698bc6cfb2892c97b826129cec
    2  932b45ab117960390324678b0696ef0e07d7f8de1fa0b94c529f243610f1dcc9
    2  98a91356e0094c96d81bd27af407dd48c3c91aaf97da6794aeb303597a773749
    2  9eed9a2e0edf38f6354f4e57b3a6b9bed5b19263f54bcee19e66fc8af0c29e4e
    2  9f34d28562e7e1e3721bbf679c58aa8f5898995ed999a641f26de120f3a42cf4
    2  9ff906ffcde32e4c6fb3ea4652e6d6326713a7fde8bb783b52f12a1f382f8798
    2  a7c4dac7176e291bd2aba860e1aa301fb5f7d880794f493f2dea0982e2b7eb31
    2  b48e01ff816f12125f9f4cfc9180d534c7c57ef4ee50c0ebbe445e88d4ade939
    2  ba44c22a3224c3a201202b69d86df2a78f0cd1d4ac1119eb29cae33f09027a9a
    2  bd8dc7e3909f6663c0fff653d7afbca2b89f2e9bc6f27adaab27f640ccf52975
    2  bf4f50979b7b29f2b6d192630b8d7b76adb9cb65157a1c70924a47bf519c4edd
    2  c3fa69e15a63b151f8d1dc3018284e153ad2eb672d54555eaeaac79396b64e3b
    2  cce6b17084a996e2373aaebbace944a17d3e3745e9d88efad4947840ae92fd55
    2  d18d84d32a340d20ab07a36f9e4b959495ecd88d7b0e9799399fcc4e959f536b
    2  e4109875e84b3e9952ef362abc5b826c003b3d0b1b06d530832359906b0b8831
    2  e52ea54cfe3afd93a53e368245c5630425e326291bf1b2599b75dbf8e75b7aeb
    2  f1ad25b594a855a3c9af75c5da74b44d900f6fbb655033f9a98a956292011c8e
    2  fa1d70b6b5b1a5e478c7d9d840aae0cc23d80476d9eea884a73d1b7e3926a209
    2  fa7fbca583b22d92ae6d832d90ee637cc6ac840203cd059c6582298beb955aee
    2  fb770a3815c9ebcf1ba46b75b8f3686acc1af903de30c43bab8b86e5b46de851
    2  fb812a2ccdab0a9703e8e4e12c479ff809a72899374c1abf06aef55abbbf8edc
    2  ee2e9a1d3b593fd464f885b734d469d047cdb1bc879e568e7c33d786e8d1e8e2
    2  afbfe16cbdd574d64c24ad97810b04db509505522e5bb7b9ca3b497efc731045
    2  0b9f605926df4ff190ddc6c11e0f5839bffe431a3ddfd90acde1fcd2f91dada3
    2  6fc307063c376b8be2d3a9545959e068884d9cf7f819b176adf676fc4addef7d
    2  17e43d31585b4c3ac6bf724bd7263761af75a59335b285b045fce597b3825ed0
    2  b3bd28951789ef7cfaf659e07e198b45b04a2f3cde268e6ede4d4f877959341e
    2  e0caebfbd2804fcde30e75f2c6d06e84b3bf89ed85db34d6f628b25dca7a9a0f
    2  2503549352527cb0ffa1811a44481f6980961d98f9d5a96d5926d5676c31b9ee
    2  8ba72a391fb653b2cc1e5caa6f927efdf46568638bb4fc25e6f01dc36a96533b

IPv4
    2  47.57.142.30
    2  47.57.186.151
    2  103.158.190.58
    3  207.148.100.49

Pdb
    3  c:\users\test\desktop\fishmaster\x64\release\fishmaster.pdb

Threat Actor Identifier - APT
  522  APT41

Url
    2  https://webplus-cn-hongkong-s-5faf81e0d937f14c9ddbe5a0.oss-cn-hongkong.aliyuncs.com/silverlight_ins.exe
    2  https://webplus-cn-hongkong-s-5faf81e0d937f14c9ddbe5a0.oss-cn-hongkong.aliyuncs.com/flash_ins.exe
    2  http://softres.oss-accelerate.aliyuncs.com/silverlight.exe
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/big.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/online.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/files.zip
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/servicehub.zip
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/c1222.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/cdaemon.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/x.txt
    2  http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/1-cs-443.lua
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/s.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/sc2.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/sc3.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/csplugins/getwechatdb.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/csplugins/wechat.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/csplugins/xss_spoof.zip
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/csplugins/xss.txt
    2  http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/csplugins/script.txt
    2  http://0x3s.com/x.js
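A listing like this is usually loaded straight into a blocklist, yet three of its "Domain" rows are not hosts at all: an AV detection name and two file names whose extensions happen to be real TLDs (.zip and .bg are both delegated), so a TLD check alone cannot catch them. The Python below is an added example, not part of this listing or of any vendor's tooling. It treats hash, IPv4 and URL syntax as authoritative, resolves the Domain-versus-File ambiguity by cross-referencing the file names that appear in the listed URLs, flags detection-name shapes, confirms every URL host is also present as a blockable Domain row, and defangs values for sharing. The indicator subset in LISTED is copied from this page; the truncated hash, the TLD set and the detection-name pattern are constructed for the example and are not authoritative data.

```python
"""Sanity-check an extracted IOC listing before loading it into a blocklist.

Added example, not code from the original listing or from any vendor. The
indicators in LISTED are a subset copied from the table on this page; the
truncated hash, the TLD set and the detection-name pattern are constructed
for the example and are not authoritative data.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed: a real sha256 from the page with its last hex digit cut off,
# standing in for the copy-paste damage hash columns often suffer.
TRUNCATED_SHA256 = "c47fabc47806961f908bed37d6b1bbbfd183d564a2d01b7cae87bd95c20ff8a5"[:-1]

# (claimed type, value) pairs exactly as the listing presents them.
LISTED = [
    ("Domain", "socket.io"),
    ("Domain", "trojan.win32.cobeacon.bg"),
    ("Domain", "files.zip"),
    ("Domain", "servicehub.zip"),
    ("Domain", "flashdownloadserver.oss-cn-hongkong.aliyuncs.com"),
    ("Domain", "lualibs.oss-cn-hongkong.aliyuncs.com"),
    ("Domain", "0x3s.com"),
    ("File", "files.zip"),
    ("File", "big.txt"),
    ("File", "x.js"),
    ("sha1", "efb70718bc00393a01694f255a28e30e9d2142a4"),
    ("sha256", "c47fabc47806961f908bed37d6b1bbbfd183d564a2d01b7cae87bd95c20ff8a5"),
    ("sha256", TRUNCATED_SHA256),
    ("IPv4", "47.57.142.30"),
    ("IPv4", "207.148.100.49"),
    ("Url", "http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/files.zip"),
    ("Url", "http://flashdownloadserver.oss-cn-hongkong.aliyuncs.com/res/servicehub.zip"),
    ("Url", "http://lualibs.oss-cn-hongkong.aliyuncs.com/x86/1-cs-443.lua"),
    ("Url", "http://0x3s.com/x.js"),
]

# Constructed subset of TLDs that occur in this listing (use the IANA list in
# production). .zip and .bg are genuine TLDs, so TLD membership alone cannot
# separate a host name from a file name.
KNOWN_TLDS = {"com", "io", "ml", "cm", "se", "cn", "bg", "zip"}

HEX = re.compile(r"^[0-9a-f]+$", re.I)
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$", re.I)
# Heuristic: vendor detection names look like Type.Platform.Family.Variant.
DETECTION = re.compile(
    r"^(trojan|trojanspy|backdoor|hacktool|worm|ransom)\."
    r"(win32|win64|w32|msil|js|html|py|linux|osx)\.", re.I)
# Types whose syntax is unambiguous; a mismatch involving one of these is a defect.
STRICT = {"md5", "sha1", "sha256", "IPv4", "Url"}


def infer_type(value: str) -> str:
    """Classify an indicator by syntax alone (Domain vs File is best-effort)."""
    if "://" in value:
        return "Url"
    if HEX.match(value) and len(value) in (32, 40, 64):
        return {32: "md5", 40: "sha1", 64: "sha256"}[len(value)]
    try:
        ipaddress.IPv4Address(value)
        return "IPv4"
    except ValueError:
        pass
    labels = value.split(".")
    if (len(labels) >= 2 and all(LABEL.match(label) for label in labels)
            and labels[-1].lower() in KNOWN_TLDS):
        return "Domain"
    return "File"


def defang(value: str) -> str:
    """Render an indicator so it cannot be clicked or auto-linked (brackets every dot)."""
    return value.replace("http", "hxxp").replace(".", "[.]")


def audit(listed):
    """Return type defects and coverage gaps an analyst should resolve before ingest."""
    url_hosts, url_basenames = set(), {}
    for claimed, value in listed:
        if claimed == "Url":
            parts = urlsplit(value)
            url_hosts.add(parts.hostname)
            url_basenames[parts.path.rsplit("/", 1)[-1]] = value
    domains = {value for claimed, value in listed if claimed == "Domain"}

    problems = []
    for claimed, value in listed:
        inferred = infer_type(value)
        if inferred != claimed and (claimed in STRICT or inferred in STRICT):
            problems.append((value, f"listed as {claimed} but parses as {inferred}"))
        if claimed == "Domain" and value in url_basenames:
            problems.append((value, f"listed as Domain but is the file name in {url_basenames[value]}"))
        if claimed == "Domain" and DETECTION.match(value):
            problems.append((value, "listed as Domain but looks like an AV detection name"))
    # Every URL host should be blockable on its own; report any not listed as a Domain.
    return {"problems": problems, "url_hosts_missing_from_domains": url_hosts - domains}


if __name__ == "__main__":
    report = audit(LISTED)
    for value, why in report["problems"]:
        print(f"{defang(value)}: {why}")
    print("URL hosts missing from Domain rows:", report["url_hosts_missing_from_domains"])
```

Run against the embedded subset, the audit flags trojan.win32.cobeacon.bg, files.zip, servicehub.zip and the truncated hash, and reports no URL host missing from the Domain rows. The design point is that syntax is authoritative only for hashes, addresses and URLs; for the Domain-versus-File split, cross-referencing against the rest of the same feed is more reliable than any TLD list.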