- Jul 22, 2014
A self-proclaimed member of the Anonymous hacker collective is behind a campaign to spread the Houdini RAT and is currently looking into deploying the MoWare H.F.D ransomware.
......
Recorded Future: Raad behind some Houdini campaigns
Raad's actions would have gone unnoticed if he had not weaponized and started distributing Houdini (or H-worm), a VBScript-based RAT that was created and first spread in 2013. His biggest mistake was using PasteBin to store the RAT's main body, a VBScript file.
Because threat intelligence firm Recorded Future regularly scrapes and archives PasteBin uploads, his actions were uncovered earlier this month, after experts observed an overall increase in VBScripts posted on online paste sites.
Analyzing this surge, experts realized that most of the scripts were the Houdini VBScript. Breaking the data down by date, they identified three spikes of activity in August 2016, October 2016, and March 2017.
Recorded Future experts believe an infected computer would download the VBScript from the paste site; the script would then connect to a C&C server and gain persistence on the infected host by setting up a local folder and a registry key.
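The article describes the detection only in outline: paste-site uploads are archived, VBScript-like content is recognized, and the volume is bucketed by month so spikes stand out. The following added example, which is not Recorded Future's tooling or anything taken from the article, shows the shape of that triage in Python: a heuristic that flags VBScript-like pastes, notes persistence hints (a Run registry key write or a created folder, the two mechanisms the article mentions), and reports months whose VBScript volume spikes above the baseline. The indicator patterns, the thresholds, and the sample pastes are constructed assumptions, not real paste data or real malware.

```python
"""Heuristic triage of paste-site dumps for VBScript content and persistence hints.

Added example (not Recorded Future's tooling): the indicators, thresholds and
sample pastes below are assumptions constructed for illustration.
"""
import re
from collections import Counter
from statistics import median

# Constructed sample texts (not real malware). VBS_PERSIST creates a folder and
# writes a Run key, the persistence pattern the article describes in outline.
VBS_POPUP = r'''Dim ws
Set ws = CreateObject("WScript.Shell")
ws.Popup "hello"'''

VBS_PERSIST = r'''On Error Resume Next
Dim ws, fso, base
Set ws = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
base = ws.ExpandEnvironmentStrings("%APPDATA%") & "\svc"
If Not fso.FolderExists(base) Then fso.CreateFolder(base)
ws.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc", "wscript.exe " & WScript.ScriptFullName, "REG_SZ"'''

PY_TEXT = "import os\nprint(os.getcwd())"
JS_TEXT = "const el = document.querySelector('#app');\nel.textContent = 'hi';"
SQL_TEXT = "SELECT id, name FROM users WHERE active = 1;"

# Distinct VBScript constructs; a paste matching at least MIN_HITS of them is
# treated as VBScript. Assumed thresholds, to be tuned on real data.
VBS_INDICATORS = {
    "on_error": re.compile(r"\bOn Error Resume Next\b", re.I),
    "createobject": re.compile(r"\bSet\s+\w+\s*=\s*CreateObject\s*\(", re.I),
    "wscript": re.compile(r"\bWScript\.", re.I),
    "dim": re.compile(r"\bDim\s+\w+", re.I),
    "end_block": re.compile(r"\bEnd\s+(?:Sub|Function|If)\b", re.I),
}
MIN_HITS = 2

# Persistence mechanisms worth flagging when they appear in a VBScript paste.
PERSISTENCE_HINTS = {
    "run_key": re.compile(r'RegWrite\s+"HK(?:CU|LM)\\[^"]*\\CurrentVersion\\Run\\', re.I),
    "startup_folder": re.compile(r"\\Start Menu\\Programs\\Startup\b", re.I),
    "create_folder": re.compile(r"\.CreateFolder\s*\(", re.I),
}

# (paste_id, upload_date, text): constructed, not real paste-site data.
SAMPLE_PASTES = [
    ("p01", "2016-06-14", VBS_POPUP), ("p02", "2016-07-03", SQL_TEXT),
    ("p03", "2016-08-01", VBS_PERSIST), ("p04", "2016-08-05", VBS_PERSIST),
    ("p05", "2016-08-12", VBS_PERSIST), ("p06", "2016-08-20", VBS_POPUP),
    ("p07", "2016-09-09", VBS_POPUP), ("p08", "2016-09-10", PY_TEXT),
    ("p09", "2016-10-02", VBS_PERSIST), ("p10", "2016-10-06", VBS_PERSIST),
    ("p11", "2016-10-19", VBS_PERSIST), ("p12", "2016-10-27", VBS_PERSIST),
    ("p13", "2016-11-15", JS_TEXT), ("p14", "2016-12-05", VBS_POPUP),
    ("p15", "2017-01-22", VBS_POPUP), ("p16", "2017-02-08", SQL_TEXT),
    ("p17", "2017-03-03", VBS_PERSIST), ("p18", "2017-03-11", VBS_PERSIST),
    ("p19", "2017-03-17", VBS_PERSIST), ("p20", "2017-03-29", VBS_PERSIST),
]


def vbs_hits(text):
    """Names of the VBScript indicators present in the text."""
    return sorted(name for name, rx in VBS_INDICATORS.items() if rx.search(text))


def is_vbscript(text):
    """Heuristic classification: enough distinct VBScript constructs seen."""
    return len(vbs_hits(text)) >= MIN_HITS


def persistence_hints(text):
    """Names of the persistence mechanisms referenced in the text."""
    return sorted(name for name, rx in PERSISTENCE_HINTS.items() if rx.search(text))


def monthly_vbscript_counts(pastes):
    """Map 'YYYY-MM' -> number of VBScript pastes; months with only other pastes count 0."""
    counts = Counter({date[:7]: 0 for _, date, _ in pastes})
    for _, date, text in pastes:
        if is_vbscript(text):
            counts[date[:7]] += 1
    return dict(counts)


def spike_months(counts, factor=3):
    """Months whose count is at least `factor` times the median month (assumed spike rule)."""
    baseline = max(median(counts.values()), 1)
    return sorted(month for month, c in counts.items() if c >= factor * baseline)


def triage(pastes):
    """VBScript pastes that also carry a persistence hint, for analyst follow-up."""
    return [(pid, persistence_hints(text)) for pid, _, text in pastes
            if is_vbscript(text) and persistence_hints(text)]


if __name__ == "__main__":
    counts = monthly_vbscript_counts(SAMPLE_PASTES)
    print("VBScript pastes per month:", counts)
    print("spike months:", spike_months(counts))
    for pid, hints in triage(SAMPLE_PASTES):
        print(f"{pid}: persistence hints {hints}")
```

On the constructed data the three spike months come out as 2016-08, 2016-10 and 2017-03, and every paste flagged for follow-up carries both the `run_key` and `create_folder` hints. On real archives the indicator set and the spike rule need tuning: plain VBScript utilities and Office macros also match these constructs, so the classifier separates "looks like VBScript" from "worth an analyst's time" by the persistence hints rather than by the language alone.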
Raad registered a C&C domain under his real name
....