ClayRat: What was that?
WHITE PetrP.73 2026-03-23 Modified: 2026-03-23
41 IOCs
MEDIUM VOLUME
ClayRat is a family of Android malware categorized as a Remote Access Trojan (RAT) and spyware. It enables attackers to monitor users covertly and exert remote control over infected devices. The malware's capabilities include intercepting SMS messages, monitoring call logs, accessing contacts, capturing screenshots, and executing commands received from a command and control (C2) server. It primarily propagates through phishing sites or by masquerading as legitimate apps.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
ClayRat
Indicators of Compromise (41)