SYMBOLCOMMON_NAMEaka. SYNONYMS
win.jhone_rat (Back to overview)

JhoneRAT


Cisco Talos identified JhoneRAT in January 2020. The RAT is delivered through cloud services (Google Drive) and also submits stolen data to them (Google Drive, Twitter, ImgBB, GoogleForms). The actors using JhoneRAT target Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain and Lebanon.

References
2020-12-21Cisco TalosJON MUNSHAW
@online{munshaw:20201221:2020:4a88f84, author = {JON MUNSHAW}, title = {{2020: The year in malware}}, date = {2020-12-21}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/12/2020-year-in-malware.html}, language = {English}, urldate = {2020-12-26} } 2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-12-09CybereasonCybereason Nocturnus Team
@techreport{team:20201209:molerats:a13c569, author = {Cybereason Nocturnus Team}, title = {{MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign}}, date = {2020-12-09}, institution = {Cybereason}, url = {https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf}, language = {English}, urldate = {2020-12-10} } MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign
JhoneRAT Molerat Loader Pierogi Quasar RAT Spark
2020-03-03Palo Alto Networks Unit 42Robert Falcone, Bryan Lee, Alex Hinchliffe
@online{falcone:20200303:molerats:990b000, author = {Robert Falcone and Bryan Lee and Alex Hinchliffe}, title = {{Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations}}, date = {2020-03-03}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/}, language = {English}, urldate = {2020-03-03} } Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations
Downeks JhoneRAT Molerat Loader Spark
2020-01-16Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura, Eric Kuhla
@online{mercer:20200116:jhonerat:b41f102, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura and Eric Kuhla}, title = {{JhoneRAT: Cloud based python RAT targeting Middle Eastern countries}}, date = {2020-01-16}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/01/jhonerat.html}, language = {English}, urldate = {2020-01-27} } JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
JhoneRAT

There is no Yara-Signature yet.