Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Common Information
Type Value
UUID ebc82553-af78-43a2-83b0-78d48196fb54
Fingerprint a4258983a926abea
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 20, 2021, midnight
Added to db Oct. 15, 2024, 3:27 p.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Title Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Detected Hints/Tags/Attributes 45/2/9
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_hk/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_nl/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_ph/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_id/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_ae/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_au/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_in/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_be/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_gb/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_no/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_ca/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_th/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_sg/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_se/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_fi/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Details Source https://www.trendmicro.com/en_my/research/21/i/Water-Basilisk-Uses-New-HCrypt-Variant-to-Flood-Victims-with-RAT-Payloads.html
Attributes
| Type | #Events | CTI Value | Value |
|---|---|---|---|
| Domain | 140 | | archive.org |
| Domain | 71 | | transfer.sh |
| Domain | 41 | | discord.com |
| File | 1 | | bill.iso |
| File | 1 | | bx25.txt |
| File | 2 | | c:\users\public\run\run.vbs |
| File | 5 | | run.vbs |
| File | 1 | | dx25.txt |
| File | 4 | | aspnet_regbrowsers.exe |