DarkCrystal RAT Cyber Attacks Targeting Government Officials in Ukraine
June 6, 2024, 8:35 a.m.
Tags
External References
Description
This intelligence document outlines targeted cyber attacks against government officials, military personnel, and defense industry representatives in Ukraine using the DarkCrystal RAT malware. The malware is distributed through the Signal messaging app, disguised as messages from existing contacts or group members. The attack involves sending an archive with a password and instructions to open the file on the victim's computer. The archive contains an executable file that is a RARSFX archive, which in turn contains malicious VBE, BAT, and EXE files that infect the system with DarkCrystal RAT, enabling unauthorized remote access. The report highlights the trend of increasing cyber attacks using messaging apps and compromised legitimate accounts, enticing victims to open files on their computers.
Date
Published: June 6, 2024, 8:02 a.m.
Created: June 6, 2024, 8:02 a.m.
Modified: June 6, 2024, 8:35 a.m.
Indicators
f59e4490a26c421b7d01d05193de927c773b9cbd6cbd91903b422a903ec301a1
f26ec43245406c30cc5efb7ad6d8e9018117919c4a03cec2972520e526db3b0c
d0d6c1f07382ca03866fc3ca198efa8e4a777ecd7ccdc517a4b6ddb7d2d1245e
ef6cd2c75b3370d1bcc95beb573ad09861e0ed22b2becc1c16cfff88dae5a157
b60ac68e278045aadb9ec3196327a90efebf8b48bbe7819c6bf0f5a4678efd62
8cc204cdd79c811b2d48d878f4cbfcc2e4db88bfaa17bf2c13351e338f8547b3
a7f896b2a2433fd178afffba59ace1c27ec4b4fa20ecc59ee7da7c96314c6b09
6bdd44d7b55d47ebd1a00fec6cfda0506efbacbe05022dada9c9dccb5d60909f
3ad5473cee7a16bddce171e42b2dbb42caf1bdfbf8f2ef280d956a9940500520
224e71eea37f1353ea8ee0fef0a513d7f0577dcec3241d6710ad249715a269c7
1418111224c143fba191efa1fe1a1c4a653b951e4bb07f6fd0b7782631571b93
02d657729837838d18bbe6b4bae44cab0e6d3a357836d7cd6a9bb7288543facb
188.245.50.32
http://188.245.50.32/VideocentralLocal/PublicdownloadsWp/python4RequestRequest/Javascript8Geovoiddb/pipepacketServer/cdn/18/_auth/ToBigloadPublic/dump/VideoPipephpHttpServerlinuxPublic.php
Attack Patterns
DarkCrystal RAT
T1053.001
T1021.006
T1589.001
T1003.001
T1021.001
T1053.005
T1573.002
T1059.003
T1071.001
T1204.002
T1105
T1566.001
T1570
T1219
T1027
Additional Informations
Defense
Government
Ukraine