ioc[.]one - OSINT Cyber Threat Intelligence Database

New Java-Based Sayler RAT Targets Polish Speaking Users

Tags

cmtmf-attack-pattern:	Command And Scripting Interpreter
country:	Poland
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Chat Messages - T1552.008 Command And Scripting Interpreter - T1623 Credentials - T1589.001 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Data From Local System - T1533 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 File And Directory Discovery - T1420 Malware - T1587.001 Malware - T1588.001 Process Discovery - T1424 System Information Discovery - T1426 Phishing - T1660 Phishing - T1566 Registry Run Keys / Startup Folder - T1547.001 Scheduled Task - T1053.005 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Windows Command Shell - T1059.003 Standard Application Layer Protocol - T1071 Command-Line Interface - T1059 Credential Dumping - T1003 Data From Local System - T1005 File And Directory Discovery - T1083 Graphical User Interface - T1061 Modify Registry - T1112 Standard Non-Application Layer Protocol - T1095 Process Discovery - T1057 Registry Run Keys / Start Folder - T1060 Scheduled Task - T1053 Screen Capture - T1113 System Information Discovery - T1082 Graphical User Interface Screen Capture

Show in Graph

Common Information

Type	Value
UUID	9b321522-73f9-4a2f-ab41-6d157c5811aa
Fingerprint	e4964b0239bfa2c1
Analysis status	DONE
Considered CTI value	2
Text language
Published	Nov. 2, 2023, midnight
Added to db	Nov. 19, 2023, 6:24 a.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	New Java-Based Sayler RAT Targets Polish Speaking Users
Title	New Java-Based Sayler RAT Targets Polish Speaking Users
Detected Hints/Tags/Attributes	103/4/27

Source URLs

	Redirection	Url
Details	Source	https://cyble.com/blog/new-java-based-sayler-rat-targets-polish-speaking-users/

URL Provider

Details	Provider	Source level domain
Details	cyble.com	cyble.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	98	✔	Cyble	https://cyble.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	1	pl.sayler.site
Details	Domain	246	mail.ru
Details	File	2	java.jar
Details	File	117	taskmgr.exe
Details	File	79	regedit.exe
Details	File	9	systemsettings.exe
Details	File	1	browser_accs.txt
Details	File	1	browser_cards.txt
Details	File	2	browser_history.txt
Details	File	2126	cmd.exe
Details	File	1	blazexhack.jar
Details	md5	1	3a285221a2ee58369c4d39d2ee508b3d
Details	md5	1	9f36aa7edd5e1f19b541f209386bc7ea
Details	sha1	1	d04754ca5c9853d4f5688ddafd76b125306dd01b
Details	sha1	1	ed51900e5b6bb58c116236aff1ed3dec4440702b
Details	sha256	1	ad79376aa24df8dab799d4fb4c5d0c913fda03bfea65cbd80923a5919bb1e9b9
Details	sha256	1	1349f1ac1da22cb2f2251a7e26dbc1e8716504c76d623d800e96295b8cdd00eb
Details	MITRE ATT&CK Techniques	333	T1059.003
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	298	T1562.001
Details	MITRE ATT&CK Techniques	550	T1112
Details	MITRE ATT&CK Techniques	289	T1003
Details	MITRE ATT&CK Techniques	433	T1057
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	585	T1083
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	444	T1071