Back

Aiming at domestic government and enterprises! Deeply revealed ransomware operator Rast gang

Sept. 30, 2024, 10:50 a.m.

Tags

ransomware
china
government
rust
rdp
phobos
2024-09-30
globeimposter
mysql
gandcrab
buran
nday
rast
enterprises

External References

https://ti.qianxin.com/

https://otx.alienvault.com/

Description

A new ransomware threat, dubbed Rast, has emerged targeting Chinese government and enterprises since December 2023. Written in Rust, Rast has infected over 6,800 terminals, successfully encrypting more than 5,700. The Rast gang, named after the ransomware, operates primarily between 20:00 and 05:00, suggesting a European base. Their attack method involves RDP brute-forcing and exploiting Nday vulnerabilities to access border servers, followed by manual deployment of ransomware components. The gang's tactics are reminiscent of operators distributing Buran, GlobeImposter, Phobos, and GandCrab ransomware. Rast ransomware has evolved through three versions, with the latest requiring manual operation via a console interface. Victim information is uploaded to a MySQL database, revealing a wide range of affected sectors including government, finance, and various industries.

Date

Published Created Modified
Sept. 30, 2024, 10:39 a.m. Sept. 30, 2024, 10:39 a.m. Sept. 30, 2024, 10:50 a.m.

Indicators

d65a8e91ec94ebf8f215426711affa0eccff71bb80c135f81257414e8188320e

ca9a2c44214f2a79375d5fb0784d4bf60a6c8dbf73428c42f333f461e1978732

2f93d82c949e87782edd40fc3706126a73d107964132828156113f1ca890bf76

080c6108c3bd0f8a43d5647db36dc434032842339f0ba38ad1ff62f72999c4e5

572d88c419c6ae75aeb784ceab327d040cb589903d6285bbffa77338111af14b

94.232.249.179

179.43.172.241

http://179.43.172.241:21

http://94.232.249.179:3306

user1@email.com

test@yadas.com

rast@airmail.cc

qyxugani@airmail.cc

myfile@waifu.club

hoeosi@airmail.cc

hashtreep@waifu.club

fat32@airmail.cc

dataserver@airmail.cc

bitcloud@cock.li

basedata@airmail.cc

backup@waifu.club

Attack Patterns

GandCrab

Buran

Rast

Phobos

GlobeImposter

Rast gang

T1021.001

T1070.001

T1490

T1012

T1204.002

T1573

T1486

T1016

T1082

T1057

T1083

T1046

T1140

T1033

T1027

T1112

T1566

T1133

T1078

T1003

Additional Informations

Technology

Finance

Government

Manufacturing

China