BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat
Common Information
Type Value
UUID be7907bb-e1e8-48cb-897e-090937c5eeb5
Fingerprint 8c158c9381bb878f
Analysis status DONE
Considered CTI value 2
Text language
Published April 26, 2019, 6:40 p.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 19, 2024, 8:06 a.m.
Detected Hints/Tags/Attributes 82/2/27
Attributes
Details Type #Events CTI Value
Details CVE 106 cve-2018-8174
Details Domain 64 go.microsoft.com
Details Domain 709 google.com
Details Domain 25 www.cyberthreatalliance.org
Details File 1 blackip.txt
Details File 1 blacktip.txt
Details File 4 %appdata%\microsoft\ttmp.log
Details File 1 %appdata%\microsoft\delemd.tmp
Details File 1 %appdata%\microsoft\xxyyzz.tmp
Details File 1 %appdata%\microsoft\deleme.tmp
Details File 1 cow_pass.gif
Details File 5 cow.gif
Details File 7 ttmp.log
Details File 1 'cowboy_clear.bin
Details IPv4 3 173.248.170.149
Details Url 1 http://go.microsoft.com/.
Details Url 1 http://go.microsoft.com
Details Url 25 http://google.com