ioc[.]one - OSINT Cyber Threat Intelligence Database

ReverseRat Reemerges with a (Night)Fury New Campaign and New Developments, Same Familiar Side-Actor - Lumen

Tags

country:	Afghanistan Jordan India Iran Pakistan
attack-pattern:	Data Ip Addresses - T1590.005 Mshta - T1218.005 Powershell - T1059.001 Software - T1592.002 Tool - T1588.002 Mshta - T1170 Powershell - T1086 Windows Management Instrumentation - T1047

Show in Graph

Common Information

Type	Value
UUID	e3109185-685c-470c-ad41-93fa571423f8
Fingerprint	a6b42d51013d85e9
Analysis status	DONE
Considered CTI value	0
Text language
Published	Aug. 11, 2021, noon
Added to db	Sept. 11, 2022, 12:30 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	ReverseRat Reemerges with a (Night)Fury New Campaign and New Developments, Same Familiar Side-Actor
Title	ReverseRat Reemerges with a (Night)Fury New Campaign and New Developments, Same Familiar Side-Actor - Lumen
Detected Hints/Tags/Attributes	72/2/21

Source URLs

	Redirection	Url
Details	Source	https://blog.lumen.com/reverserat-reemerges-with-a-nightfury-new-campaign-and-new-developments-same-familiar-side-actor/

URL Provider

Details	Provider	Source level domain
Details	lumen.com	blog.lumen.com

Attributes

Details	Type	#Events	Value
Details	Domain	3	medizz.co
Details	Domain	1	teams.windows.com
Details	Domain	1	wordpress.in
Details	Domain	1	rar.in
Details	Domain	2	drigablockszip.sytes.net
Details	File	9	charmap.exe
Details	File	1	wamiseerviceobjective.exe
Details	File	2	c:\windows\tasks\msftedit.dll
Details	File	1	c:\windows\tasks\charmap.exe
Details	File	8	msftedit.dll
Details	File	2	regadd.bat
Details	File	1	c:\windows\tasks\run.bat
Details	File	456	mshta.exe
Details	File	1	f:\openrats\nigthfury\nightfury_final\current_working_version\duser\systeminfo.cpp
Details	File	26	run.bat
Details	File	409	c:\windows\system32\cmd.exe
Details	File	7	filename.doc
Details	IPv4	2	62.171.191.230
Details	Url	2	https://medizz.co/wp-content/base/phr/shareddocuments/agenda/1.hta
Details	Url	1	http://drigablockszip.sytes.net
Details	Windows Registry Key	112	HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run