RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS

June 20, 2024, 6:12 p.m.

Description

Check Point Research has identified multiple threat actors utilizing Rafel, an open-source remote administration tool (RAT). The discovery of an espionage group leveraging Rafel in their operations was of particular significance, as it indicates the tool’s efficacy across various threat actor profiles and operational objectives.

Date

  • Created: June 20, 2024, 5:50 p.m.
  • Published: June 20, 2024, 5:50 p.m.
  • Modified: June 20, 2024, 6:12 p.m.

Indicators


Attack Patterns