PULSE NAME: Ave Maria campaign targeting r/cybersecurity users on Reddit
WHITE AlienVault 2023-10-05 Modified: 2023-11-04
9 IOCs, LOW VOLUME
The blog author describes how someone was targeting members of r/cybersecurity on Reddit. The threat actor used the Ave Maria / Warzone RAT.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Ave Maria
Indicators of Compromise (9)