Pulse Detail — Threat Intelligence

PULSE NAME

Rafel RAT, Android Malware from Espionage to Ransomware Operations - Check Point Research

WHITE Threat Armature_TIP 2025-02-22 Modified: 2025-02-22

IOCs

MEDIUM VOLUME

A study by security firm Check Point Research has identified a range of malicious software designed to target Android devices, and identified an espionage group using Rafel RAT to carry out such operations, as well as ransomware.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1027

MALWARE FAMILIES

Trojans Android Threat Rafel

Indicators of Compromise (6 / 22 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	344d577a622f6f11c7e1213a3bd667a3aef638440191e8567214d39479e80821	—	2025-02-22
FileHash-SHA256	442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9	—	2025-02-22
FileHash-SHA256	5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b	—	2025-02-22
FileHash-SHA256	9b718877da8630ba63083b3374896f67eccdb61f85e7d5671b83156ab182e4de	—	2025-02-22
FileHash-SHA256	c94416790693fb364f204f6645eac8a5483011ac73dba0d6285138014fa29a63	—	2025-02-22
FileHash-SHA256	d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320	—	2025-02-22

References (1)

↗ https://research.checkpoint.com/2024/rafel-rat-android-malware-from-espionage-to-ransomware-operations/