Analysis of Pupy RAT Used in Attacks Against Linux Systems
WHITE AlienVault 2024-04-19 Modified: 2024-05-19
51 IOCs (high volume)
Pupy RAT is a cross-platform remote access trojan that has been used by various threat actors, including APT groups, to target Linux and Windows systems. It provides features for remote control, information theft, and post-exploitation attacks. Recent examples include distribution alongside PlugX to target South Korea, and updated versions targeting Russia and Eastern Europe. To prevent infection, systems should be kept updated and anti-malware solutions used.
MITRE ATT&CK & Malware Families
Malware families: Pupy, PlugX (S0013), Thoper, TVT, DestroyRAT, Sogu, Kaba, Korplug, CobaltStrike
Indicators of Compromise (51)