← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
RATs, Hackers and Rihanna
WHITE AlienVault 2015-08-25 Modified: 2017-08-24
34
IOCs
MEDIUM VOLUME
(Fortinet) We start our correlation with the analysis of the exploit payload - a remote administration tool (RAT) with MD5 6bde5462f45a230edc7e7641dd711505 (detected as MSIL/Agent.QOO!tr). This RAT looks new to us; hence we suspected that it may either be a new RAT family or a custom RAT that was developed for a specific attacker (hacker)
ratUtilityWarriorpawanremote access toolwindowsvisual basicfortinet
Indicators of Compromise (15 / 34 total)
All domain URL hostname FileHash-MD5 email CVE
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 3e486ce5fbcc8fed0172bf19f4013cba 2017-08-24
FileHash-MD5 78904b8c4831f368f6a51f640c5540d8 2017-08-24
FileHash-MD5 7f44125412432e2533fb76cf49642dd1 2017-08-24
FileHash-MD5 65eb2ddc65eb4b963061fe01ad0069df 2017-08-24
FileHash-MD5 ae6b65ca7cbd4ca0ba86c6278c834547 2017-08-24
FileHash-MD5 84f169c2ff66175c415dca6e3d1d7a11 2017-08-24
FileHash-MD5 a5b2acfa5b86bc31740ca0af1d2cd2d8 2017-08-24
FileHash-MD5 6bde5462f45a230edc7e7641dd711505 2017-08-24
FileHash-MD5 7bb1f568a9877c1177a134a273ad744f 2017-08-24
FileHash-MD5 b411d5fd45711e2223d0d85e84850d3f 2017-08-24
FileHash-MD5 baccbf655d0a7ff171a4fef7cfdc47e1 2017-08-24
FileHash-MD5 7e8e3fa76f2e41fca6d8b81fea4dea5d 2017-08-24
FileHash-MD5 2b4b0ba685522de8398d14d540b41a3a 2017-08-24
FileHash-MD5 e023335a2a96bf7a8e9c4c1439182a1f 2017-08-24
FileHash-MD5 2c3adf843acf69c56b5ced66d919ae6f 2017-08-24
References (1)
↗ http://blog.fortinet.com/post/the-curious-case-of-the-document-exploiting-an-unknown-vulnerability-part-2-rats-hackers-and-rihanna