HZ Rat backdoor for macOS harvests data from WeChat and DingTalk

Aug. 27, 2024, 3:34 p.m.

Tags
backdoor
macos
trojan
2024-08-27
instant messengers
hz rat
dingtalk
wechat
openvpn
External References
Description

A version of the HZ Rat backdoor targeting users of China’s WeChat and DingTalk was uploaded to VirusTotal in July 2023 and was not detected by any vendor, research by Kaspersky suggests.

Date

Published: Aug. 27, 2024, 3:12 p.m.

Created: Aug. 27, 2024, 3:12 p.m.

Modified: Aug. 27, 2024, 3:34 p.m.

Indicators

20.60.250.230

58.49.21.113

47.100.65.182

29.40.48.21

218.65.110.180

218.193.83.70

123.232.31.206

120.53.133.226

113.125.92.32

111.21.246.147

Download all indicators here!

Attack Patterns

HZ RAT

T1573

T1090

T1059