WarzoneRAT
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 27/12/2021 18:21
- Modified
- 27/03/2026 01:07
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 79 attack patterns (mitre), 3 intrusion sets (apt), 6 sectors, 12 countries, 97 indicators, 3 vulnerabilities (cve)
Aliases
Warzone Ave Maria
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (79)
Intrusion sets (APT) (3)
-
YoroTrooper usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TA2541 usesThe MITRE Corporation Confidence 100
[TA2541](https://attack.mitre.org/groups/G1018) is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. [TA2541](https://attack.mitre.org/groups/G1018) campaigns are typically high volume and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
The MITRE Corporation Confidence 100
[Scattered Spider](https://attack.mitre.org/groups/G1015) is a native English-speaking cybercriminal group active since at least 2022. (Citation: CrowdStrike Scattered Spider Profile) (Citation: MSTIC Octo Tempest Operations October 2023) The group initially…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (6)
-
Government targets
-
Pharmacy and drugs manufacturing targets
-
Education targets
-
Finance targets
-
Manufacturing targets
-
Energy targets
Countries (12)
-
Bangladesh targets
-
Belarus targets
-
United States of America targets
-
Tajikistan targets
-
Kazakhstan targets
-
Türkiye targets
-
Ukraine targets
-
Azerbaijan targets
-
Russian Federation targets
-
Kyrgyzstan targets
-
Afghanistan targets
-
Uzbekistan targets
Indicators (97)
-
stix 100/100 Revoked· Valid until 13/10/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 07/01/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 16/06/2024 · Source: AlienVault
-
http://179.60.150.118/new.exeindicatesstix 100/100 RevokedPE32 executable (GUI) Intel 80386, for MS Windows 842fc15b363a849a21ce37a22bd237371576a0a92adc3718adce933dfbb16f83
· Valid until 06/03/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 13/10/2025 · Source: AlienVault
-
stix 100/100 Revoked
Win.Dropper.Generic-7113183-0 SHA256 of c5cb27cb09bdc222aeffaf0cccb96bad
· Valid until 25/10/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 16/06/2024 · Source: AlienVault
-
http://91.246.41.200:56002indicatesstix 100/100 Revoked· Valid until 26/08/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 13/10/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 26/08/2024 · Source: AlienVault
Vulnerabilities (CVE) (3)
Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over …
- Attack vector
- Network
- Published
- 17/04/2025
- Modified
- 27/05/2026
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
- Attack vector
- Network
- Published
- 11/03/2025
- Modified
- 27/05/2026
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially …
- Attack vector
- Network
- Published
- 20/10/2025
- Modified
- 27/05/2026