Full Report
2025-01-02 • Cyfirma • cyfirma • win.noneuclid_rat
Analysis Summary
This summary is based on the provided content snippets, which primarily serve as an index or list of reports rather than containing the full technical text for deep analysis. Therefore, the content extracted for each entry below is solely derived from the titles, authors, and organizations mentioned in the context.
***
# Tool/Technique: NonEuclid RAT
## Overview
NonEuclid RAT is identified as a specific Remote Access Trojan (RAT) analyzed by Cyfirma.
## Technical Details
- Type: Malware family (RAT)
- Platform: Windows (implied by `win.noneuclid_rat` naming convention)
- Capabilities: Remote Access capabilities (standard for a RAT)
- First Seen: 2025-01-02 (Date associated with the inventory entry)
## MITRE ATT&CK Mapping
- **Note:** Specific mappings are not provided in the context and are left blank.
## Functionality
### Core Capabilities
- Providing remote access and control over compromised systems.
### Advanced Features
- **Note:** Advanced features are not detailed in the context.
## Indicators of Compromise
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
- **Note:** Not specified in the context.
## Detection Methods
- **Note:** Not specified in the context.
## Mitigation Strategies
- **Note:** Standard RAT mitigation strategies apply (e.g., network segmentation, strict egress filtering, application whitelisting), but specific advice is unavailable.
## Related Tools/Techniques
- Xeno RAT (Mentioned as another recent RAT report)
***
# Tool/Technique: Vilsa Stealer
## Overview
Vilsa Stealer is identified as an Information Stealer malware analyzed by Cyfirma.
## Technical Details
- Type: Malware family (Infostealer)
- Platform: Not explicitly stated, but stealers often target Windows.
- Capabilities: Stealing sensitive information.
- First Seen: 2024-10-04
## MITRE ATT&CK Mapping
- **Note:** Specific mappings are not provided in the context and are left blank.
## Functionality
### Core Capabilities
- Theft of data: credentials, browser information, cryptocurrency wallets, etc. (typical for stealers).
### Advanced Features
- **Note:** Advanced features are not detailed in the context.
## Indicators of Compromise
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
- **Note:** Not specified in the context.
## Detection Methods
- **Note:** Not specified in the context.
## Mitigation Strategies
- **Note:** Not specified in the context.
## Related Tools/Techniques
- **Note:** None explicitly listed as related in the context snippet.
***
# Tool/Technique: Evilbyte
## Overview
Evilbyte is mentioned in the context of a "Hamas Leadership Assassination Explainer," suggesting it is malware linked to a specific geopolitical event or threat actor.
## Technical Details
- Type: Malware family (Implied, given the context with other malware reports)
- Platform: Not explicitly stated.
- Capabilities: Not detailed, but potentially related to espionage or disruption given the associated article title.
- First Seen: 2024-08-05
## MITRE ATT&CK Mapping
- **Note:** Specific mappings are not provided in the context and are left blank.
## Functionality
### Core Capabilities
- **Note:** Core capabilities are not detailed in the context.
### Advanced Features
- **Note:** Advanced features are not detailed in the context.
## Indicators of Compromise
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
- Potentially threat actors targeting Hamas leadership (as per article title).
## Detection Methods
- **Note:** Not specified in the context.
## Mitigation Strategies
- **Note:** Not specified in the context.
## Related Tools/Techniques
- **Note:** None explicitly listed as related in the context snippet.
***
# Tool/Technique: Xeno RAT
## Overview
Xeno RAT is described as a new Remote Access Trojan possessing "Advance Capabilities."
## Technical Details
- Type: Malware family (RAT)
- Platform: Not explicitly stated.
- Capabilities: Remote Access, advanced functionalities (beyond standard RAT features).
- First Seen: 2024-02-23
## MITRE ATT&CK Mapping
- **Note:** Specific mappings are not provided in the context and are left blank.
## Functionality
### Core Capabilities
- Providing remote access and control over infected systems.
### Advanced Features
- Advanced capabilities are implied but not specified in the summary text.
## Indicators of Compromise
- File Hashes: N/A
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
- **Note:** Not specified in the context.
## Detection Methods
- **Note:** Not specified in the context.
## Mitigation Strategies
- **Note:** Not specified in the context.
## Related Tools/Techniques
- NonEuclid RAT (Mentioned in the same inventory list)