Pulse: Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
TLP: WHITE | Author: Mustard Tempest | Source: AlienVault | Created: 2024-12-02 | Modified: 2024-12-03
Indicators: 41 IOCs (medium volume)
The Horns&Hooves campaign, active since March 2023, targets Russian businesses with malicious email attachments containing scripts that install NetSupport RAT or BurnsRAT. The campaign evolved through several versions, improving obfuscation and delivery methods. It uses decoy documents and legitimate-looking file names to trick users. The attackers, likely associated with the TA569 group, gain remote access to infected systems and potentially sell this access to other cybercriminals. The campaign has affected over a thousand users, primarily in Russia, and has been observed attempting to install additional malware like Rhadamanthys and Meduza stealers.
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed in this pulse
Malware families: NetSupport RAT, BurnsRAT, Rhadamanthys, Meduza
Indicators of Compromise (41)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 051552b4da740a3af5bd5643b1dc239a 2024-12-02
FileHash-MD5 0fea857a35b972899e8f1f60ee58e450 2024-12-02
FileHash-MD5 12ab1bc0989b32c55743df9b8c46af5a 2024-12-02
FileHash-MD5 17a78f50e32679f228c43823faabedfd 2024-12-02
FileHash-MD5 1b41e64c60ca9dfadeb063cd822ab089 2024-12-02
FileHash-MD5 20014b80a139ed256621b9c0ac4d7076 2024-12-02
FileHash-MD5 29362dcdb6c57dde0c112e25c9706dcf 2024-12-02
FileHash-MD5 327a1f32572b4606ae19085769042e51 2024-12-02
FileHash-MD5 34eb579dc89e1dc0507ad646a8dce8be 2024-12-02
FileHash-MD5 3e86f6fc7ed037f3c9560cc59aa7aacc 2024-12-02
FileHash-MD5 50dc5faa02227c0aefa8b54c8e5b2b0d 2024-12-02
FileHash-MD5 5f4284115ab9641f1532bb64b650aad6 2024-12-02
FileHash-MD5 63647520b36144e31fb8ad7dd10e3d21 2024-12-02
FileHash-MD5 67677c815070ca2e3ebd57a6adb58d2e 2024-12-02
FileHash-MD5 7f0ee078c8902f12d6d9e300dabf6aed 2024-12-02
FileHash-MD5 8096e00aa7877b863ef5a437f55c8277 2024-12-02
FileHash-MD5 882f2de65605dd90ee17fb65a01fe2c7 2024-12-02
FileHash-MD5 ae4d6812f5638d95a82b3fa3d4f92861 2024-12-02
FileHash-MD5 b03c67239e1e774077995bac331a8950 2024-12-02
FileHash-MD5 b3bde532cfbb95c567c069ca5f90652c 2024-12-02
FileHash-MD5 b9956282a0fed076ed083892e498ac69 2024-12-02
FileHash-MD5 ba69cc9f087411995c64ca0d96da7b69 2024-12-02
FileHash-MD5 e760a5ce807c756451072376f88760d7 2024-12-02
FileHash-MD5 edfb8d26fa34436f2e92d5be1cb5901b 2024-12-02
FileHash-SHA1 6e26e7ec76c94aea95e4a07bcc256a15b85d9514 2024-12-02
FileHash-SHA1 abfcd51bb120a7eae5bbd9a99624e4abe0c9139d 2024-12-02
FileHash-SHA256 58eb9f211ddbb5a6a3bfec345431c40ac61090241b865dbe26bbf958afc685ed 2024-12-02
FileHash-SHA256 f4e2f28169e0c88b2551b6f1d63f8ba513feb15beacc43a82f626b93d673f56d 2024-12-02
URL http://golden-scalen.com/ngg_cl.zip 2024-12-02
URL http://xoomep1.com:1935 2024-12-02
URL http://xoomep2.com:1935 2024-12-02
URL https://golden-scalen.com/files/ 2024-12-02
URL https://golden-scalen.com/files/* 2024-12-02
URL https://www.linkpicture.com/q/1_1657.png 2024-12-02
domain golden-scalen.com 2024-12-02
domain gribidi2.com 2024-12-02
domain labudanka2.com 2024-12-02
domain shetrn1.com 2024-12-02
domain shetrn2.com 2024-12-02
domain xoomep1.com 2024-12-02
domain xoomep2.com 2024-12-02