RATicate: an attacker’s waves of information-stealing malware
Tags
| cmtmf-attack-pattern: | Code Injection |
| country: | Romania |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Code Injection - T1540 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Python - T1059.006 Software - T1592.002 Visual Basic - T1059.005 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | a72de234-f993-43b5-8bb9-a1e86084483b |
| Fingerprint | 243c087ba72b87c0 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 14, 2020, 4 p.m. |
| Added to db | Sept. 11, 2022, 12:36 p.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | RATicate: an attacker’s waves of information-stealing malware |
| Title | RATicate: an attacker’s waves of information-stealing malware |
| Detected Hints/Tags/Attributes | 82/4/56 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://news.sophos.com/en-us/2020/05/14/raticate/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | stngpetty.ga |
|
| Details | Domain | 1 | allenservice.ga |
|
| Details | Domain | 1 | gelcursot.top |
|
| Details | Domain | 1 | ef-oh.com |
|
| Details | Domain | 1 | odoyo.net |
|
| Details | Domain | 1 | hearee.com |
|
| Details | Domain | 1 | binzom.com |
|
| Details | Domain | 1 | pizzans.com |
|
| Details | Domain | 1 | phochain.com |
|
| Details | Domain | 1 | rdrfi.com |
|
| Details | Domain | 1 | skylod.com |
|
| Details | Domain | 1 | hsctsu.com |
|
| Details | Domain | 1 | mail.newmedicacare.com |
|
| Details | Domain | 1 | mail.jrdigitalstore.com |
|
| Details | Domain | 1 | mail.koyo.com.my |
|
| Details | Domain | 1 | mail.qoa.com.my |
|
| Details | Domain | 1 | mail.sedirectory.com.my |
|
| Details | Domain | 1 | negrodesigns.ga |
|
| Details | Domain | 1 | webxpo.ga |
|
| Details | Domain | 1 | cbespania.info |
|
| Details | Domain | 1 | conrak.net |
|
| Details | Domain | 1 | coxemen.com |
|
| Details | Domain | 1 | dachfix.com |
|
| Details | Domain | 1 | hypnose-beziers.com |
|
| Details | Domain | 1 | jevmod.com |
|
| Details | Domain | 1 | lighthouse-campus24.com |
|
| Details | Domain | 1 | oleum.gmbh |
|
| Details | Domain | 1 | pupilfy.com |
|
| Details | Domain | 1 | tellpizzqhut.com |
|
| Details | Domain | 1 | terenium.com |
|
| Details | Domain | 1 | vibe.restaurant |
|
| Details | Domain | 1 | yamatobb.com |
|
| Details | Domain | 1 | yncits89.com |
|
| Details | Domain | 1 | ratokasutka.com |
|
| Details | Domain | 1 | miscov.com |
|
| Details | Domain | 1 | czxpkj.com |
|
| Details | Domain | 1 | tucson1989.duckdns.org |
|
| Details | Domain | 1 | pedrobedoya201904.duckdns.org |
|
| Details | Domain | 1 | cashout2018.ddns.de |
|
| Details | Domain | 1 | pitchstak.ga |
|
| Details | Domain | 1 | slashoff.com |
|
| Details | Domain | 1 | sofisleep.com |
|
| Details | Domain | 1 | jinshasoft.com |
|
| Details | Domain | 1 | bywebhost.com |
|
| Details | Domain | 1 | mail.arkazo.com |
|
| Details | Domain | 1 | mail.alhilaly-group.com |
|
| Details | File | 57 | system.dll |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 1 | aventailes.dll |
|
| Details | File | 1 | cbespania.inf |
|
| Details | File | 17 | logout.php |
|
| Details | File | 1 | this_is_57_length_filename_in_order_to_do_a_crash_poc.exe |
|
| Details | sha256 | 1 | c2cdb371d3394ff71918ac2422a84408644fa603f1b45e3fb1a438dbce9dcad0 |
|
| Details | sha256 | 1 | 46c6fa90acdf651e99620c257ae4e9ed9d1cfcb31fd676dc9b570bb3f9720ac8 |
|
| Details | IPv4 | 1 | 79.134.225.97 |
|
| Details | IPv4 | 4 | 79.134.225.11 |