[QuickNote] Decrypting the C2 configuration of Warzone RAT
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Software - T1592.002
Show in Graph
Common Information
Type Value
UUID 8b685fee-eea8-495b-b7b1-45b19aa516e7
Fingerprint 84903f39bb270299
Analysis status DONE
Considered CTI value 0
Text language
Published March 25, 2023, 12:55 p.m.
Added to db Nov. 6, 2023, 6:06 p.m.
Last updated Nov. 12, 2024, 10:38 p.m.
Headline 0day in {REA_TEAM}
Title [QuickNote] Decrypting the C2 configuration of Warzone RAT
Detected Hints/Tags/Attributes 24/2/10
Source URLs
Redirection Url
Details Source https://kienmanowar.wordpress.com/2023/03/25/quicknote-decrypting-the-c2-configuration-of-warzone-rat/
URL Provider
Details Provider Source level domain
Details wordpress.com kienmanowar.wordpress.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 146 0day in {REA_TEAM} https://kienmanowar.wordpress.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 62 
stackoverflow.com
Details Domain 6 
research.openanalysis.net
Details Domain 1 
exploitreversing.files.wordpress.com
Details File 2 
warzone_rat_config.html
Details File 1 
mas_6-1.pdf
Details sha256 1 
00930cccd81e184577b1ffeebf08ee6a32dd0ef416435f551c64d2bcb61d46cf
Details sha256 1 
61f8bf26e80b6d6a7126d6732b072223dfc94203bb7ae07f493aad93de5fa342
Details Url 2 
https://stackoverflow.com/questions/9433541/movsx-in-python
Details Url 2 
https://research.openanalysis.net/warzone/malware/config/2021/05/31/warzone_rat_config.html
Details Url 1 
https://exploitreversing.files.wordpress.com/2022/11/mas_6-1.pdf