JhoneRAT

Description

(Talos) Today, Cisco Talos is unveiling the details of a new RAT we have identified we’re calling ‘JhoneRAT.’ This new RAT is dropped to the victims via malicious Microsoft Office documents. The dropper, along with the Python RAT, attempts to gather information on the victim’s machine and then uses multiple cloud services: Google Drive, Twitter, ImgBB and Google Forms. The RAT attempts to download additional payloads and upload the information gathered during the reconnaissance phase. This particular RAT attempts to target a very specific set of Arabic-speaking countries. The filtering is performed by checking the keyboard layout of the infected systems.

Names

Name
JhoneRAT

Type

Reconnaissance
Backdoor
Downloader
Dropper

Information

https://blog.talosintelligence.com/2020/01/jhonerat.html

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.jhone_rat

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:JhoneRAT

Other Information

Uuid

21ed6073-21b0-41df-ba0a-312e06d1992c

Last Card Change

2021-04-24

Threat Intelligence Garden

Explorer

JhoneRAT

JhoneRAT

Description

Names

Category

Type

Information

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks