📃Title: The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government
📅Date: 2024-09-04
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information="Malaysia"
  • sector="Government, Administration"
  • sector="Political party"
  • malpedia="BabyLon RAT"
  • producer="Cyble"
  • mitre-attack-pattern=["T1115", "T1555.003", "T1027.007", "T1027.013", "T1041", "T1056.001", "T1027.012", "T1204.002", "T1059.001", "T1547.001", "T1082", "T1071.001"]

MISP event uuid: f6e08cf8-0233-4db5-a87b-68d99ce7191e

Indicators of Compromise (IoCs)

type,value,comment
md5,85bf32363c6e50c95a674ac964bdba8a,'SalahLaku_MARA.iso'
md5,f3e410928fecf68cec98236d1bf0598d,'PANDUAN_PENGGUNA_MyKHAS.iso'
md5,e2766648a25373c2cf86c9dd3a2fd7c8,'LimKitSiang_teks_penuh.iso'
md5,3b76157fa7707ef11312a6061d7c7f4e,'Salahlaku_Sektor_Keusahawanan_MARA.lnk'
md5,843154177ad124c22d0107ea786b82f8,'PANDUAN_PENGGUNA_MyKHAS.lnk'
md5,96d29a1b21594dccd795d5295f7f9967,'Salahlaku_Sektor_Keusahawanan_MARA.ps1'
md5,a17a1666f47953d6e505182909c74170,'Wrapper for Babylon RAT - controller.exe'
md5,bc598aa0d798948e0d1a9184e0e4be5e,'Artifact contained in ISO - PDFview.exe'
md5,e7d2e1452702bc0de5a92e745dbdc4a9,'PANDUAN_PENGGUNA_MyKHAS.ps1'
md5,2fc775f241750387ba578af5ed11ec99,'Kit_Siang_Bimbang_Gelombang_Hijau.ps1'
md5,840a97991dc4489c5d1a37172bf54ac7,'Kit_Siang_Bimbang_Gelombang_Hijau.lnk'
ip-dst,64.176.65.152,'C&C'
domain,workhub-microsoft-team.com,'C&C'
ip-dst,149.28.19.207,'C&C'
hostname,fund.sekretariatparti.org,'C&C'

Full IOCs available in Rectifyq’s MISP
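The table above is only useful once it is run against telemetry. The following is an added example (not code from Cyble or Rectifyq) that loads the IoC CSV exactly as published here and sweeps it over a handful of constructed log lines: file-hash matching is exact and case-insensitive, a hostname IoC must match exactly, and a domain IoC also matches any subdomain, since C2 operators rotate hosts under a registered domain. The `event=`, `md5=`, `query=` and `dst=` field names are an assumed key=value log shape, not any vendor's format, and the log lines are fabricated for illustration.

```python
"""Sweep the published Babylon RAT IoCs over key=value log lines.

Added example, not part of the original report. The CSV below is copied
from the page; the sample log lines are constructed and describe no real host.
"""
import csv
import io
import re
from collections import defaultdict

# IoC table copied from the page (type,value,comment).
IOC_CSV = """type,value,comment
md5,85bf32363c6e50c95a674ac964bdba8a,'SalahLaku_MARA.iso'
md5,f3e410928fecf68cec98236d1bf0598d,'PANDUAN_PENGGUNA_MyKHAS.iso'
md5,e2766648a25373c2cf86c9dd3a2fd7c8,'LimKitSiang_teks_penuh.iso'
md5,3b76157fa7707ef11312a6061d7c7f4e,'Salahlaku_Sektor_Keusahawanan_MARA.lnk'
md5,843154177ad124c22d0107ea786b82f8,'PANDUAN_PENGGUNA_MyKHAS.lnk'
md5,96d29a1b21594dccd795d5295f7f9967,'Salahlaku_Sektor_Keusahawanan_MARA.ps1'
md5,a17a1666f47953d6e505182909c74170,'Wrapper for Babylon RAT - controller.exe'
md5,bc598aa0d798948e0d1a9184e0e4be5e,'Artifact contained in ISO - PDFview.exe'
md5,e7d2e1452702bc0de5a92e745dbdc4a9,'PANDUAN_PENGGUNA_MyKHAS.ps1'
md5,2fc775f241750387ba578af5ed11ec99,'Kit_Siang_Bimbang_Gelombang_Hijau.ps1'
md5,840a97991dc4489c5d1a37172bf54ac7,'Kit_Siang_Bimbang_Gelombang_Hijau.lnk'
ip-dst,64.176.65.152,'C&C'
domain,workhub-microsoft-team.com,'C&C'
ip-dst,149.28.19.207,'C&C'
hostname,fund.sekretariatparti.org,'C&C'
"""

# Constructed sample telemetry in an assumed key=value shape (not a vendor format).
SAMPLE_LOGS = [
    r"2024-09-02T10:14:03Z host=WS-042 event=FileCreate image=powershell.exe target=C:\Users\a\Downloads\PANDUAN_PENGGUNA_MyKHAS.ps1 md5=E7D2E1452702BC0DE5A92E745DBDC4A9",
    r"2024-09-02T10:14:09Z host=WS-042 event=DnsQuery query=fund.sekretariatparti.org",
    r"2024-09-02T10:14:11Z host=WS-042 event=NetworkConnect dst=64.176.65.152 dport=443",
    r"2024-09-02T10:15:00Z host=WS-042 event=DnsQuery query=login.microsoft.com",
    r"2024-09-02T10:16:30Z host=WS-042 event=DnsQuery query=cdn.workhub-microsoft-team.com",
    r"2024-09-02T10:17:02Z host=WS-042 event=FileCreate image=explorer.exe target=C:\Users\a\empty.txt md5=d41d8cd98f00b204e9800998ecf8427e",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def load_iocs(text):
    """Return {ioc_type: {normalized_value: comment}} from the CSV text."""
    iocs = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(text), skipinitialspace=True):
        value = row["value"].strip().lower()          # hashes/names compared case-insensitively
        comment = row["comment"].strip().strip("'")   # page wraps comments in single quotes
        iocs[row["type"].strip()][value] = comment
    return iocs


def match_name(name, iocs):
    """hostname IoCs match exactly; domain IoCs match the apex or any subdomain."""
    name = name.lower().rstrip(".")
    if name in iocs["hostname"]:
        return "hostname", name, iocs["hostname"][name]
    for dom, comment in iocs["domain"].items():
        if name == dom or name.endswith("." + dom):
            return "domain", dom, comment
    return None


def scan(lines, iocs):
    """Return (line_no, ioc_type, ioc_value, comment) for every IoC hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = dict(KV_RE.findall(line))
        md5 = fields.get("md5", "").lower()
        if md5 in iocs["md5"]:
            hits.append((n, "md5", md5, iocs["md5"][md5]))
        if "query" in fields:
            m = match_name(fields["query"], iocs)
            if m:
                hits.append((n,) + m)
        if "dst" in fields:
            dst = fields["dst"]
            if dst in iocs["ip-dst"]:
                hits.append((n, "ip-dst", dst, iocs["ip-dst"][dst]))
            else:
                m = match_name(dst, iocs)   # dst may be a name in proxy logs
                if m:
                    hits.append((n,) + m)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS, load_iocs(IOC_CSV)):
        print("line %d: %s %s (%s)" % hit)
```

Hash IoCs are the most brittle entries in the table: a one-byte change to the lure ISO or the PowerShell stager defeats them, so a hit on a hash is confirmation rather than coverage. The network indicators age better, and the subdomain rule is what catches a new host under `workhub-microsoft-team.com` that the page never listed.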