RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS

June 20, 2024, 6:12 p.m.

Description

Check Point Research has identified multiple threat actors utilizing Rafel, an open-source remote administration tool (RAT). The discovery of an espionage group leveraging Rafel in their operations was of particular significance, as it indicates the tool’s efficacy across various threat actor profiles and operational objectives.

Date

Published: June 20, 2024, 5:50 p.m.

Created: June 20, 2024, 5:50 p.m.

Modified: June 20, 2024, 6:12 p.m.

Indicators


Attack Patterns

Rafel RAT

T1565

T1211

T1486

T1036

T1592

T1078