Rftrat

Malware updated 5 months ago (2024-05-04T20:28:24.586Z)
Rftrat (also written RftRAT) is malware used by the Kimsuky Group in its cyber-attacks. It infiltrates systems through suspicious downloads, emails, or websites without the user's knowledge; once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. RftRAT, together with another malware known as Amadey, has been distributed in spear-phishing campaigns whose booby-trapped attachments and links are designed to bypass security products. An in-depth investigation into the latest set of Kimsuky Group indicators of compromise (IoCs), specifically those tied to RftRAT and Amadey, uncovered 702 potentially connected artifacts: 336 email-connected domains, five IP addresses, five IP-connected domains, and 356 string-connected domains. This finding illustrates the extensive infrastructure and sophisticated techniques the Kimsuky Group employs in its cyber-attacks. The AhnLab Security Emergency Response Center (ASEC) published an in-depth investigation of the latest Kimsuky attack using RftRAT and Amadey and identified six domains and seven IP addresses as IoCs. This disclosure underscores the importance of ongoing cybersecurity research and collaboration in mitigating the risks posed by such advanced persistent threats; ASEC's findings provide valuable insights for strengthening system defenses against these malware families.
Description last updated: 2024-01-13T00:18:14.356Z
Aliases: none currently tracked
Source Document References
Information about the Rftrat malware was read from the document corpus below (display limited to 20 results).

Source     Created
CERT-EU    9 months ago
CERT-EU    10 months ago