HZ Rat backdoor for macOS harvests data from WeChat and DingTalk

Aug. 27, 2024, 3:34 p.m.

Description

A version of the HZ Rat backdoor targeting users of China’s WeChat and DingTalk was uploaded to VirusTotal in July 2023 and was not detected by any vendor, research by Kaspersky suggests.

External References

https://securelist.com/hz-rat-attacks-wechat-and-dingtalk/113513/
https://otx.alienvault.com/pulse/66cdecf5a99ed7805f3ef3af
Tags
backdoor
macos
trojan
2024-08-27
instant messengers
hz rat
dingtalk
wechat
openvpn

Date

  • Created: Aug. 27, 2024, 3:12 p.m.
  • Published: Aug. 27, 2024, 3:12 p.m.
  • Modified: Aug. 27, 2024, 3:34 p.m.

Indicators

  • 20.60.250.230
  • 58.49.21.113
  • 47.100.65.182
  • 29.40.48.21
  • 218.65.110.180
  • 218.193.83.70
  • 123.232.31.206
  • 120.53.133.226
  • 113.125.92.32
  • 111.21.246.147
Download all indicators here!

Attack Patterns

  • HZ RAT