Tools Used By Threat Actors
TORAT: ToRat is a remote administration tool written in Go, used by these Chinese attackers.
AsyncRAT: AsyncRAT is an open-source remote administration tool released on GitHub in January 2019. It is designed to remotely control computers over an encrypted connection, providing complete control through functionality such as:
- View and record screen
- Keylogger
- Upload, download and execute files
- Chat communication
- Persistence mechanisms
- Disable Windows Defender
- Shutdown / Restart the machine
- DOS attack
IOCs:
SHA-256:
- 16b4a6fec76b452f77a6832871ff2e906d673e557a0e6c2673fc952181d1319b (VT)
- 26918ac16ad73b13fb7efdbcecbf988ed797944afa5d642b86129feabbfea81c (VT)
Payload URL:
hxxps://buckotx.s3.amazonaws[.]com/x.png
C2 Server: