PULSE NAME
GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware.
WHITE PetrP.73 2025-10-17 Modified: 2025-10-17
45 IOCs, MEDIUM VOLUME
Cyble Research and Intelligence Labs (CRIL) has documented a resurgence of Android malware campaigns disguised as Indian RTO (Regional Transport Office) applications. The campaigns aim to compromise sensitive information of users in India and are distributed through WhatsApp, SMS messages containing shortened URLs, GitHub-hosted APKs, and compromised websites, showing that the threat actors rely on multiple infection vectors.
Indicators of Compromise (11 / 45 total)