Threat Thursday: Warzone RAT Breeds a Litter of ScriptKiddies
Tags
cmtmf-attack-pattern: Boot Or Logon Autostart Execution Command And Scripting Interpreter
maec-delivery-vectors: Watering Hole
attack-pattern: Data Boot Or Logon Autostart Execution - T1547 Bypass User Account Control - T1548.002 Command And Scripting Interpreter - T1623 Control Panel - T1218.002 Credentials - T1589.001 Credentials In Files - T1552.001 Dynamic Dns - T1311 Dynamic Dns - T1333 Exfiltration Over C2 Channel - T1646 File And Directory Discovery - T1420 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Registry Run Keys / Startup Folder - T1547.001 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Software - T1592.002 Vnc - T1021.005 Windows Command Shell - T1059.003 Video Capture - T1512 Unsecured Credentials - T1552 Account Discovery - T1087 Bypass User Account Control - T1088 Command-Line Interface - T1059 Connection Proxy - T1090 Credentials In Files - T1081 Exfiltration Over Command And Control Channel - T1041 File And Directory Discovery - T1083 Input Capture - T1056 Office Application Startup - T1137 Powershell - T1086 Registry Run Keys / Start Folder - T1060 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Remote Services - T1021 Rootkit - T1014 Video Capture - T1125 Rootkit
Show in Graph
Common Information
Type Value
UUID f0c366dd-d281-4db0-be3f-3c9856fef0cc
Fingerprint bc70895c65aba6d3
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 16, 2021, 1:01 a.m.
Added to db Sept. 11, 2022, 12:35 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Threat Thursday: Warzone RAT Breeds a Litter of ScriptKiddies
Title Threat Thursday: Warzone RAT Breeds a Litter of ScriptKiddies
Detected Hints/Tags/Attributes 102/3/36
Source URLs
Redirection Url
Details Source https://blogs.blackberry.com/en/2021/12/threat-thursday-warzone-rat-breeds-a-litter-of-scriptkiddies
URL Provider
Details Provider Source level domain
Details blackberry.com blogs.blackberry.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
anglekeys.warzonedns.com
Details Domain 33 
www.apache.org
Details Domain 37 
www.blackberry.com
Details File 55 
control.exe
Details File 1 
duser32.dll
Details File 64 
logins.json
Details File 29 
profiles.ini
Details md5 1 
51a1d638436da72d7fa5fb524e02d427
Details sha256 1 
2944c31732655f1d470e483ab539c81e4fa0ec80b0f8753b4a856b0c894476e6
Details sha256 1 
fcfd3248548efd7b521afddc86809165fd4b921f021130171335168247e7355b
Details sha256 1 
b5d3060af008a045b96ff6362131d8b2f05d56f480cd5c01d960c21c4609b34a
Details sha256 1 
a0584917b318ebeab9938cedabb1f2d184a33c5f33c2e6992968c9804360857f
Details sha256 1 
9d56ad7e390d35d3fcf2bc03ac7b38e5efeee12e8bbc2917a375e6cf8c65d69f
Details sha256 1 
066c455fdfc44d36695e2e0a97c41c25e8d2d21a90576f649159b16af4ffd860
Details sha256 1 
5521c70600320df5bd5bbc6ef6ddc33f62e2078c7701452a60a58745adff1ffb
Details sha256 1 
e85769eee5f2539084a2da5bf79027849249130be251d1f2e8b3de0021d194ab
Details sha256 1 
b48c8a6fd76389cc51d279f896aa61d152212ce87b46a67b1171e3c40794eb4e
Details sha256 1 
0968aac5baa3ca0333c06de5803c08300465441092fba720f9efe88f68cde4a0
Details sha256 1 
5b6ac94ed2e8e2fda33d432f739588ad97db7a8865e51dc7ea2dc758eb1ed9cd
Details MITRE ATT&CK Techniques 159 
T1021
Details MITRE ATT&CK Techniques 32 
T1125
Details MITRE ATT&CK Techniques 118 
T1056.001
Details MITRE ATT&CK Techniques 89 
T1552.001
Details MITRE ATT&CK Techniques 333 
T1059.003
Details MITRE ATT&CK Techniques 29 
T1137
Details MITRE ATT&CK Techniques 380 
T1547.001
Details MITRE ATT&CK Techniques 86 
T1548.002
Details MITRE ATT&CK Techniques 422 
T1041
Details MITRE ATT&CK Techniques 141 
T1219
Details MITRE ATT&CK Techniques 585 
T1083
Details MITRE ATT&CK Techniques 179 
T1087
Details Url 20 
https://www.apache.org/licenses/license-2.0
Details Url 17 
https://www.blackberry.com/us/en/forms/cylance/handraiser/emergency-incident-response-containment
Details Windows Registry Key 3 
HKCU\Software\Classes\Folder\shell\open\command
Details Windows Registry Key 188 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 2 
HKCU\Software\_rptls