SharpRhino – New Hunters International RAT
Essential information
- Published: 06/08/2024 11:18
- Modified: 06/08/2024 11:35
- Tags: 2024-08-06, ransomware, remote access, sharprhino
- Related entities: 6 observables, 1 intrusion sets (apt), 14 techniques (mitre), 1 malware
Description
Quorum Cyber's Incident Response team discovered a novel malware, SharpRhino, used by the threat actor Hunters International as an initial infection vector and Remote Access Trojan (RAT). The malware, written in C#, is delivered via a typosquatting domain impersonating Angry IP Scanner. Upon execution, it establishes persistence and provides remote access, employing previously unseen techniques to obtain elevated permissions. The report outlines SharpRhino's capabilities, Hunters International's tactics, a MITRE ATT&CK mapping, and Indicators of Compromise.