WarzoneRAT2

WarzoneRAT/AveMaria RAT (2019), priced at $40/month. C2 at sgames.ovh.org. PO.exe is a business-themed lure. Credential stealing and UAC bypass.

Threat Profile
Type: RAT
Programming Language: C++
C2 Protocol: TCP
First Seen: 2019
Targets: Global Enterprise
Purpose / Capabilities:
  • Remote Access + Credential

C2 Servers (1)

Address          Port   Protocol   Status
sgames.ovh.org   80     HTTP       INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (2)

High

WarzoneRAT/AveMaria -- PO.exe Purchase Order, sgames.ovh.org OVH C2 | High

WarzoneRAT/AveMaria RAT, 968KB PO.exe (Purchase Order lure). http://sgames.ovh.org OVH-hosted C2. VBS delivery.

High

WarzoneRAT 2 -- 363KB .NET, BTC P2SH 3RTQGYLSx + 3XTxJKLb, YufC2 Config | High

WarzoneRAT2, 363KB .NET. BTC P2SH: 3RTQGYLSxT + 3XTxJKLblG. YufC2 config fragment.
