SharpRhino

Malware updated 23 days ago (2024-11-29T13:55:11.374Z)
SharpRhino is a new malware employed by Hunters International, a group linked to Russia, with the primary purpose of infiltrating targeted infrastructure and establishing persistence. The malware disguises itself as the open-source network-administration tool Angry IP Scanner and is distributed through typosquatting domains, a method that tricks users into downloading it instead of the legitimate software. Upon execution, SharpRhino gives the attackers remote access to the device, which they can maintain and use to launch subsequent attacks. The malware represents an evolution in ransomware development tactics, in line with trends observed in other notable examples such as Hive and BlackCat.

Researchers discovered that SharpRhino uses a valid certificate signed by J-Golden Strive Trading Co. Ltd, making it appear as legitimate software. The file that delivers the malware is a Nullsoft Scriptable Install System (NSIS)-packed executable, which most compression tools can understand and read. Quorum Cyber has provided a list of indicators of compromise for SharpRhino to help organizations determine whether they have inadvertently downloaded the Remote Access Trojan (RAT) instead of the intended legitimate tool.

Ultimately, SharpRhino's objective is to give Hunters International persistent control over a targeted system from which to launch sophisticated ransomware attacks for financial gain. These attacks are not sector- or region-specific; they are launched opportunistically.
Description last updated: 2024-10-17T11:47:18.854Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Threat Actors
Description: The Hunters International Threat Actor is associated with SharpRhino. Hunters International, an active threat actor group since October of the previous year, has been identified as a significant cybersecurity concern. The group has taken over and rebranded the Hive ransomware, despite their disputes about this association. This development followed the disbandment of
Association Type: Unspecified
Votes: 2
Source Document References
Information about the SharpRhino Malware was read from the documents corpus below.
Source Link: DARKReading
Created At: 4 months ago