The Russian SpyAgent – a Decade Later and RAT Tools Remain at Risk | Deep Instinct
Common Information
Type Value
UUID ce0c1f36-8b27-4ebd-bfe0-c81df339bd9a
Fingerprint 52c0a6bcc372881
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 11, 2022, 3 p.m.
Added to db Feb. 14, 2023, 3:38 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline The Russian SpyAgent – a Decade Later and RAT Tools Remain at Risk
Title The Russian SpyAgent – a Decade Later and RAT Tools Remain at Risk | Deep Instinct
Detected Hints/Tags/Attributes 51/4/27
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 301 Deep Instinct Blog: Breaking News and Updates https://www.deepinstinct.com/blog/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1
thief.lol
Details Domain 1
jmai.ink
Details File 7
quartz.dll
Details File 48
applaunch.exe
Details File 9
avicap32.dll
Details File 4
assistant.exe
Details File 25
teamviewer.exe
Details MITRE ATT&CK Techniques 34
T1027.001
Details MITRE ATT&CK Techniques 1006
T1082
Details MITRE ATT&CK Techniques 227
T1574.002
Details MITRE ATT&CK Techniques 504
T1140
Details MITRE ATT&CK Techniques 141
T1219
Details MITRE ATT&CK Techniques 442
T1071.001
Details Windows Registry Key 13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Details Windows Registry Key 104
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows