ioc[.]one - OSINT Cyber Threat Intelligence Database

SeroXen RAT for sale

Tags

cmtmf-attack-pattern:	Boot Or Logon Autostart Execution Command And Scripting Interpreter Process Injection Scheduled Task/Job
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Boot Or Logon Autostart Execution - T1547 Bypass User Account Control - T1548.002 Code Signing - T1553.002 Command And Scripting Interpreter - T1623 Credentials From Password Stores - T1555 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Credentials In Files - T1552.001 Data From Local System - T1533 Domains - T1583.001 Domains - T1584.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Hidden Files And Directories - T1564.001 Hidden Window - T1564.003 Hide Artifacts - T1628 Hide Artifacts - T1564 Hooking - T1617 Ingress Tool Transfer - T1544 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 System Network Configuration Discovery - T1422 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Non-Standard Port - T1509 Non-Standard Port - T1571 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Hollowing - T1055.012 Process Injection - T1631 Registry Run Keys / Startup Folder - T1547.001 Remote Desktop Protocol - T1021.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Subvert Trust Controls - T1632 Subvert Trust Controls - T1553 Symmetric Cryptography - T1521.001 Symmetric Cryptography - T1573.001 System Location Discovery - T1614 Windows Command Shell - T1059.003 Video Capture - T1512 Unsecured Credentials - T1552 Tool - T1588.002 Bypass User Account Control - T1088 Code Signing - T1116 Command-Line Interface - T1059 Connection Proxy - T1090 Credentials In Files - T1081 Data From Local System - T1005 Hidden Files And Directories - T1158 Hidden Window - T1143 Hooking - T1179 Remote File Copy - T1105 Input Capture - T1056 Modify Registry - T1112 Standard Non-Application Layer Protocol - T1095 Powershell - T1086 Process Hollowing - T1093 Process Injection - T1055 Registry Run Keys / Start Folder - T1060 Remote Desktop Protocol - T1076 Remote Services - T1021 Rootkit - T1014 Scheduled Task - T1053 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Owner/User Discovery - T1033 Windows Management Instrumentation - T1047 Video Capture - T1125 Hooking Rootkit

Show in Graph

Common Information

Type	Value
UUID	d9020ad3-1840-42e1-a8b0-ae0b437bd1d7
Fingerprint	b6048d55e13c84c5
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 1, 2023, midnight
Added to db	June 5, 2023, 11:02 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	SeroXen RAT for sale
Title	SeroXen RAT for sale
Detected Hints/Tags/Attributes	156/3/47

Source URLs

	Redirection	Url
Details	Source	https://cybersecurity.att.com/blogs/labs-research/seroxen-rat-for-sale
Details	Source	https://cybersecurity.att.com/blogs/labs-research/seroxen-rat-for-sale?&web_view=true

URL Provider

Details	Provider	Source level domain
Details	att.com	cybersecurity.att.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	162	✔	—	https://media.cert.europa.eu/rss?type=category&id=APTFilter&language=en&duplicates=false	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	2	seroxen.com
Details	Domain	1	seroxen.net
Details	Domain	4	nirsoft.net
Details	File	533	ntdll.dll
Details	File	19	msconfig.exe
Details	File	3	installstager.exe
Details	File	1	uninstallstager.exe
Details	File	1	sxr-nircmd.exe
Details	File	212	winlogon.exe
Details	File	39	amsi.dll
Details	File	172	dllhost.exe
Details	sha256	2	8ace121fae472cc7ce896c91a3f1743d5ccc8a389bc3152578c4782171c69e87
Details	MITRE ATT&CK Techniques	480	T1053
Details	MITRE ATT&CK Techniques	275	T1053.005
Details	MITRE ATT&CK Techniques	695	T1059
Details	MITRE ATT&CK Techniques	333	T1059.003
Details	MITRE ATT&CK Techniques	207	T1547
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	MITRE ATT&CK Techniques	78	T1548
Details	MITRE ATT&CK Techniques	86	T1548.002
Details	MITRE ATT&CK Techniques	550	T1112
Details	MITRE ATT&CK Techniques	56	T1553
Details	MITRE ATT&CK Techniques	55	T1553.002
Details	MITRE ATT&CK Techniques	107	T1564
Details	MITRE ATT&CK Techniques	94	T1564.001
Details	MITRE ATT&CK Techniques	66	T1564.003
Details	MITRE ATT&CK Techniques	113	T1552
Details	MITRE ATT&CK Techniques	89	T1552.001
Details	MITRE ATT&CK Techniques	172	T1555
Details	MITRE ATT&CK Techniques	125	T1555.003
Details	MITRE ATT&CK Techniques	245	T1016
Details	MITRE ATT&CK Techniques	230	T1033
Details	MITRE ATT&CK Techniques	1006	T1082
Details	MITRE ATT&CK Techniques	50	T1614
Details	MITRE ATT&CK Techniques	159	T1021
Details	MITRE ATT&CK Techniques	160	T1021.001
Details	MITRE ATT&CK Techniques	534	T1005
Details	MITRE ATT&CK Techniques	152	T1056
Details	MITRE ATT&CK Techniques	118	T1056.001
Details	MITRE ATT&CK Techniques	32	T1125
Details	MITRE ATT&CK Techniques	152	T1090
Details	MITRE ATT&CK Techniques	159	T1095
Details	MITRE ATT&CK Techniques	492	T1105
Details	MITRE ATT&CK Techniques	115	T1571
Details	MITRE ATT&CK Techniques	163	T1573
Details	MITRE ATT&CK Techniques	130	T1573.001
Details	Windows Registry Key	15	HKEY_LOCAL_MACHINE\SOFTWARE