Go RAT, Go! AthenaGo points “TorWords” Portugal
Tags
country: Portugal
maec-delivery-vectors: Watering Hole
attack-pattern: Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID 99153c76-f466-4fc4-b6c3-430decb62cb6
Fingerprint ad241b098dfb8693
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 8, 2017, 12:02 p.m.
Added to db Feb. 18, 2023, 12:05 a.m.
Last updated Sept. 4, 2024, 3:55 a.m.
Headline Cisco Talos Intelligence Blog
Title Go RAT, Go! AthenaGo points “TorWords” Portugal
Detected Hints/Tags/Attributes 61/3/13
Source URLs
Redirection Url
Details Source http://blog.talosintel.com/2017/02/athena-go.html
Details Redirection http://blog.talosintelligence.com/2017/02/athena-go.html
Details Redirection https://blog.talosintelligence.com/athena-go
Details Source https://blog.talosintelligence.com/athena-go/
URL Provider
Details Provider Source level domain
Details talosintel.com blog.talosintel.com
Details talosintelligence.com blog.talosintelligence.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
teenhangout.tk
Details Domain 2 
msguard.zip
Details Domain 2 
athenabeicoxjr2l.onion.to
Details Domain 2 
athenabeicoxjr2l.onion.link
Details Domain 3 
canihazip.com
Details File 2 
msguard.zip
Details File 2 
%userprofile%\start menu\programs\startup\msguard.exe
Details File 2 
%appdata%\microsoft\windows\start menu\programs\startup\msguard.exe
Details sha256 2 
518362bce6243d6040bbf6fc1840c42450eeb03b7d7b47b232c1569a92de7f91
Details sha256 2 
009f9f92b65b552ae195030ed48e787b249067aa26de3102718823807063afb5
Details sha256 2 
af385c983832273390bb8e72a9617e89becff2809a24a3c76646544375f21d14
Details sha256 2 
c32fb305903a22106c6d3def0ac6c05b4f16cba99e23527b6c61d617ea794b1d
Details sha256 2 
72d87b225b83ffb4f9c1595a12e6d6e296895b4202cdece01b28bbac0d13b449