PULSE NAME
Phishing emails with RAT targeting corporate users
WHITE AlienVault 2020-12-11 Modified: 2021-01-10
20 IOCs, MEDIUM VOLUME
"In November 2020 Doctor Web virus analysts detected a phishing attack targeting corporate users. The emails in question contained trojan malware that covertly installs and launches Remote Utilities software — a tool for remotely accessing another computer."
Indicators of Compromise (20)