The Evolution of Dark Caracal Tools: Campaign Analysis Using the Poco RAT

March 5, 2025, 6:37 p.m.

Description

Attacks using the Poco RAT are a continuation of the Dark Caracal group's campaign. This campaign was launched in 2022 and is aimed at Spanish-speaking countries in Latin America.

External References

https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/ehvolyuciya-instrumentov-dark-caracal-analiz-kampanii-s-ispolzovaniem-poco-rat/#id14
https://otx.alienvault.com/pulse/67c8961bf10b4d1579405c67
Tags
rat
phishing
windows
2025-03-05
vmware
bandook
poco rat
ultimate packer
executables
virtualbox
dark caracal
poco c++

Date

  • Created: March 5, 2025, 6:21 p.m.
  • Published: March 5, 2025, 6:21 p.m.
  • Modified: March 5, 2025, 6:37 p.m.

Indicators

  • e5ce11d9bdc7433f713a6f7bd1c05b0a98355ad8a9995e0b5349b10c9d0df1b1
  • e5bc162807af900cf73a3f9a3e4cc1c5b10f774f44baa3632f4af6465c80c464
  • c8d20ae481f17de8606b92ab3170daea423081bf854d4b6957d7f2dd114a1f6a
  • a6ac2fd5dc59f5300c930b3fd5ffd6ed6e4dc27a2707e0293d521c88de027d4b
  • 918309457c875042e044510966083575a1635e977f1baed76b4f35815d631da1
  • 8a0beec469a4373a2ebb4b21f013c33e3d2c539514462df5ff88dc8df9e87b3b
  • 57358c9f7f38a9364884cdcc4919ec3f7c71f147e4329d72867f29f1828aac4e
  • 44945f3a5be8e627adcc2bf91e971b405a3c3ad22f2b219c99ffb05628895bec
  • 3fe4ac73a5c94ac392ad43bde078e27b3dcab03717e13e5515ef6fd9a2dea711
  • 3cc284cecc3a8513d8ba664f88c1164312c049822f9deb009fd0f63dd0c22801
  • 3c099ec7363407c9fb742beca81f97ecca93807e0f4c7fe73e019a3ccedbd220
  • 302c707321abc9eca4d14171a33c9c5207711d2a18acc81b31a40bb68d6bea99
  • 289757c325556561c88a3918f3cc04251dc1d2fe2dbfc24acf8e635da7982853
  • 26ee4581ec0d064a1296e8178b016249977a483fccb89dd55ab6634aac4faa0f
  • 247b0725fc0935131537dd00eb454269f3dd5c8c94002448c7b3c27a9aafc75c
  • 21ff46a6fc9173fcc147d7a5c603032c662c6c1f1b05c1bb1e30e20e168bb056
  • 1e7d86f9ff5fd50aeeeb04040baad0ac0d84347d60e132458448096a758e9ace
  • 1cd3fce0b3fa628bf174fdd4151626327eab3aa3ce0f81ecd2423c4b56b221bf
  • 18ba3612b1f0dbd23f8ab39b2d096bab0ed3438b37932f473c787e24e57e8397
  • 1786f16a50a4255df8aa32f2e21f2829b4f8aaba2ced3e4a7670846205b3ac70
  • 158255fa4a257953edf84323b4d7fef129ab55450919a66d6ce8bc9d78612230
  • 13306775fdf506b706693deccb44ec364fe04dbf3c471227c2439c2462e19080
  • 12e849ffba407d5db756879fd257c4b736eb4b6adac6320d2f1916d6a923fa46
  • 121d941ba5a6ff8d99558e0919f49b926fbcd00e3007aad14ac85e799d55473c
  • 0ffc7ae741bb90c7f8e442d89b985def9969ebf293442f751ab2e69f4df226a8
  • 0fe11d78990590652f4d0f3afba5670e030b8ab714db9083fd0a981e0f1f48f3
  • 0d6822c93cb78ad0d2ad34ba9057a6c9de8784f55caa6a8d8af77fed00f0da0a
  • 0864b87a18356bbe93b2e10f1deee5d4b705fc824899d227ced25c96390b8a0d
  • 08552f588eafceb0fa3117c99a0059fd06882a36cc162a01575926736d4a80eb
  • 032ff087debc175342e01a3bb205fbd7ab2e724babcb24cc4b66f1d8df783612
  • 05bf7db7debfeb56702ef1b421a336d8431c3f7334187d2ccd6ba34816a3fd5a
  • 01e8536751080ea135c3ad7ae9187d06cdcccddfc89bc0d41ea4281eeb3e9fb4
  • 94.131.119.126
  • 83.97.20.153
  • 77.91.100.237
  • 45.67.34.219
  • 194.48.248.72
  • 185.216.68.143
  • 185.216.68.121
  • 185.10.68.52
  • 193.233.203.63
Download all indicators here!

Attack Patterns

  • Poco RAT
  • Bandook
  • Dark Caracal