The RAT race: What happens when RATs go undetected
Common Information
Type Value
UUID 9c1ff8c9-e4e8-4e0b-8d67-25a111306762
Fingerprint 308900d1212d1649
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 29, 2024, 2:11 p.m.
Added to db Dec. 11, 2024, 10:56 a.m.
Last updated Dec. 18, 2024, 10:58 p.m.
Headline The RAT race: What happens when RATs go undetected
Title The RAT race: What happens when RATs go undetected
Detected Hints/Tags/Attributes 64/2/141
Attributes
Details Type #Events CTI Value
Details CVE 31
cve-2024-38213