📃Title: SlothfulMedia RAT Used in Targeted Attacks
📅Date: 2020-10-01

Description

A relatively new implant, which we have dubbed SlothfulMedia, has been used to target victims in a number of countries, including India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine. The SlothfulMedia implant can run commands, kill processes, invoke a remote shell, add and delete registry values, take screenshots and interact with the file system.

🔖MISP Galaxies:

  • target-information=“Russia”
  • target-information=“India”
  • target-information=“Kazakhstan”
  • target-information=“Kyrgyzstan”
  • target-information=“Malaysia”
  • target-information=“Ukraine”
  • producer=“CISA”
  • malpedia=“SlothfulMedia”
  • mitre-attack-pattern=[]

MISP event uuid: 878d7da6-94df-48e6-a7c7-24eb048491ca

Indicator of Compromise (IoCs)

type,value,comment
md5, 448838b2a60484ee78c2198f2c0c9c85, 'bot dropper information-stealer keylogger remote-access-trojan trojan'
md5, 9f23bd89694b66d8a67bb18434da4ee8, 'remote-access-trojan'
domain, sdvro.net, 'command-and-control'
sha256, 4186b5beb576aa611b84cbe95781c9dccca6762f260ac7a48f6727840fc057fa, 'remote-access-trojan; No sample in VT; Last check: 23/02/2025'

Full IOCs available in Rectifyq’s MISP