Gh0st and Pantegana: Two RATs that Refuse to Fade Away
Tags
country: Taiwan
maec-delivery-vectors: Watering Hole
attack-pattern: Direct Botnet - T1583.005 Botnet - T1584.005 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Remote Access Tools - T1219
Show in Graph
Common Information
Type Value
UUID bf5b09a7-4012-4332-8bf8-b4f57cc7b504
Fingerprint a79331f3bf3b8682
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Oct. 3, 2024, midnight
Added to db Oct. 9, 2024, 8:28 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Gh0st and Pantegana: Two RATs that Refuse to Fade Away
Title Gh0st and Pantegana: Two RATs that Refuse to Fade Away
Detected Hints/Tags/Attributes 49/3/22
Source URLs
Redirection Url
Details Source https://hunt.io/blog/gh0st-and-pantegana-two-rats-that-refuse-to-fade-away
URL Provider
Details Provider Source level domain
Details hunt.io hunt.io
Attributes
Details Type #Events CTI Value
Details Domain 2 
app.hunt.io
Details Domain 1 
www.kuaidiyouhui.asia
Details Domain 1 
zchyedu.com
Details Domain 1 
www.zchyedu.com
Details Domain 1 
img.zchyedu.com
Details Domain 4128 
github.com
Details Domain 57 
hunt.io
Details Github username 2 
qwqdanchun
Details sha256 1 
d0a66fafcc28fe8c1aeecffcb56efc76196aac53cf64d438a172b5c0af2ea6b4
Details sha256 1 
81348a5f80957e3f584a216ecd636886bda2f89fbc4b0e5a0f6cdabe815cb5e6
Details sha256 1 
6cdb3b8125f0975bb1299d88eb650cf6ed12ca31f21a65d15758c957c7b9f18a
Details IPv4 1 
47.120.59.37
Details IPv4 1 
62.234.90.4
Details IPv4 1 
125.228.229.229
Details IPv4 1 
114.25.86.191
Details IPv4 1 
125.229.22.79
Details IPv4 2 
154.12.93.14
Details IPv4 1 
154.92.19.225
Details IPv4 1 
43.130.237.18
Details IPv4 1 
119.28.107.67
Details Url 1 
https://app.hunt.io/active-c2s.
Details Url 1 
https://github.com/qwqdanchun/dcrat