{
  "name": "RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS",
  "slug": "rafel-rat-android-malware-from-espionage-to-ransomware-operations",
  "description": "Check Point Research has identified multiple threat actors utilizing Rafel, an open-source remote administration tool (RAT). The discovery of an espionage group leveraging Rafel in their operations was of particular significance, as it indicates the tool\u2019s efficacy across various threat actor profiles and operational objectives.",
  "published": "2024-06-20T15:50:23+00:00",
  "created_at": "2024-06-20T15:50:23+00:00",
  "modified_at": "2024-06-20T16:12:42+00:00",
  "created_at_opencti": "2024-06-20T15:50:23+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-06-20",
    "2fa bypass",
    "android",
    "data wipe",
    "discord",
    "google play",
    "infostealer",
    "rafel rat",
    "ransomware",
    "smartphone"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "c94416790693fb364f204f6645eac8a5483011ac73dba0d6285138014fa29a63"
      },
      {
        "id": "",
        "name": "5148ac15283b303357107ab4f4f17caf00d96291154ade7809202f9ab8746d0b"
      },
      {
        "id": "",
        "name": "9b718877da8630ba63083b3374896f67eccdb61f85e7d5671b83156ab182e4de"
      },
      {
        "id": "",
        "name": "344d577a622f6f11c7e1213a3bd667a3aef638440191e8567214d39479e80821"
      },
      {
        "id": "",
        "name": "d1f2ed3e379cde7375a001f967ce145a5bba23ca668685ac96907ba8a0d29320"
      },
      {
        "id": "",
        "name": "442fbbb66efd3c21ba1c333ce8be02bb7ad057528c72bf1eb1e07903482211a9"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:7e2e5bdd5cfb8604",
        "name": "Rafel RAT",
        "slug": "rafel-rat"
      }
    ],
    "attack_patterns": [
      {
        "id": "9c80a8a8-8832-4ab1-9611-41f8acd20393",
        "name": "T1565"
      },
      {
        "id": "4abf44e7-0c8c-48fc-9cc5-12fc33f919b6",
        "name": "T1211"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "29f7ff93-033b-4f8d-8691-5bcaa438c80f",
        "name": "T1592"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      }
    ]
  },
  "external_refs": [
    "https://research.checkpoint.com/2024/rafel-rat-android-malware-from-espionage-to-ransomware-operations/",
    "https://otx.alienvault.com/pulse/66746be0f2ef82559e2ac698"
  ]
}