Hunting Cyber Evil Ratels: From the targeted attacks to the widespread usage of Brute Ratel - Yoroi
Common Information
Type Value
UUID d7e32e60-b875-449c-a017-7817dfd0d2fd
Fingerprint a4304dc02495dbc5
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 15, 2023, 1:46 p.m.
Added to db Oct. 24, 2023, 1:28 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Hunting Cyber Evil Ratels: From the targeted attacks to the widespread usage of Brute Ratel
Title Hunting Cyber Evil Ratels: From the targeted attacks to the widespread usage of Brute Ratel - Yoroi
Detected Hints/Tags/Attributes 43/1/80
RSS Feed
Id | Enabled | Feed title | Url | Added to db
409 | | Yoroi | https://yoroi.company/feed/ | 2024-08-30 22:08
Attributes
Type | #Events | CTI | Value
File | 89 | | version.dll
File | 1 | | onedriveupdtater.exe
File | 4 | | scandinavian_defense.tar
File | 533 | | ntdll.dll
File | 13 | | content.php
File | 86 | | admin.php
File | 207 | | login.php
Threat Actor Identifier - APT | 665 | | APT29