ioc[.]one - OSINT Cyber Threat Intelligence Database

VagusRAT: A New Entrant in the External Threat Landscape - CYFIRMA

Tags

cmtmf-attack-pattern:	Application Layer Protocol Obfuscated Files Or Information
country:	Germany Iran
attack-pattern:	Application Layer Protocol - T1437 Control Panel - T1218.002 Email Addresses - T1589.002 Malware - T1587.001 Malware - T1588.001 Obfuscated Files Or Information - T1406 System Information Discovery - T1426 Native Api - T1575 Registry Run Keys / Startup Folder - T1547.001 Remote Desktop Protocol - T1021.001 Seo Poisoning - T1608.006 Software - T1592.002 Software Packing - T1027.002 Software Packing - T1406.002 Vnc - T1021.005 Tool - T1588.002 Standard Application Layer Protocol - T1071 Execution Through Api - T1106 Modify Registry - T1112 Obfuscated Files Or Information - T1027 Query Registry - T1012 Remote Desktop Protocol - T1076 Software Packing - T1045 System Information Discovery - T1082

Show in Graph

Common Information

Type	Value
UUID	d617518e-14f5-4b4b-8e3e-59d130fac4bb
Fingerprint	bdf50ed9bdb3844d
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 7, 2023, 6:25 a.m.
Added to db	Oct. 24, 2023, 1:31 p.m.
Last updated	Nov. 17, 2024, 11:36 p.m.
Headline	VagusRAT: A New Entrant in the External Threat Landscape
Title	VagusRAT: A New Entrant in the External Threat Landscape - CYFIRMA
Detected Hints/Tags/Attributes	78/3/38

Source URLs

	Redirection	Url
Details	Source	https://www.cyfirma.com/outofband/vagusrat-a-new-entrant-in-the-external-threat-landscape/

URL Provider

Details	Provider	Source level domain
Details	cyfirma.com	www.cyfirma.com

Attributes

Details	Type	#Events	Value
Details	Domain	1175	gmail.com
Details	Domain	7	www.googleadservices.com
Details	Domain	454	www.google.com
Details	Domain	1	bdppay.com
Details	Domain	1	acrobatsadobes.icu
Details	Domain	1	bravebrowsers.cc
Details	Domain	1	vagusrat.properties
Details	Domain	1	www.vagusrat.com
Details	Domain	1	keyauth.cc
Details	Domain	7	sr.no
Details	Email	1	iq969997@gmail.com
Details	Email	1	saishbly770@gmail.com
Details	Email	1	janice.johnson19960@gmail.com
Details	Email	1	janice.jhonson19966@gmail.com
Details	File	8	21.exe
Details	File	1	with.log
Details	md5	1	a8754096cc985cad9eb65e303a07a348
Details	md5	1	7ce22135f9a3eeaf1653101bbfe68272
Details	sha1	1	c26d73d2e6c921d13904e472c3abaeabbe635b2c
Details	sha256	1	37082f0b757d6c249b870c29872a9bf8e38e344150735d9b6d2a64364b18b226
Details	IPv4	1	5.117.104.181
Details	IPv4	1	193.176.87.152
Details	IPv4	1	198.54.114.160
Details	MITRE ATT&CK Techniques	12	T1608.006
Details	MITRE ATT&CK Techniques	239	T1106
Details	MITRE ATT&CK Techniques	627	T1027
Details	MITRE ATT&CK Techniques	160	T1027.002
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	501	T1012
Details	MITRE ATT&CK Techniques	444	T1071
Details	Url	1	https://www.googleadservices.com/pagead/aclk?sa=l&ai=dchcsewjy4sagmj_8ahvjfdqbhy3oaxeyabad
Details	Url	1	https://bdppay.com/?gclid=eaiaiqobchmi8ulgojif_aivsrxuar2nzgmreaayasaaegloo_d_bwe
Details	Url	1	https://acrobatsadobes.icu
Details	Url	1	https://bravebrowsers.cc/setup_4.21.exe
Details	Url	1	https://www.vagusrat.com
Details	Url	1	https://keyauth.cc/panel/evlf/vagusrat
Details	Windows Registry Key	493	HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run