PULSE NAME
Rafel RAT, Android Malware from Espionage to Ransomware Operations - Check Point Research
WHITE Threat Armature_TIP 2025-02-22 Modified: 2025-02-22
22 IOCs, MEDIUM VOLUME
A study by security firm Check Point Research identified a range of malicious software designed to target Android devices, as well as an espionage group using Rafel RAT to carry out such operations, including ransomware.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Trojans Android Threat Rafel
Indicators of Compromise (22)