Trusted Design

Spam Campaign Distributes AdWind RAT

概要

Dell SecureWorks Counter Threat Unit™ (CTU) researchers analyzed spam campaigns that distributed the AdWind remote access trojan (RAT). AdWind, also known as Frutas, UNRECOM, AlienSpy, and JSocket, is a Java-based RAT. It is typically distributed as a .jar (Java archive) attachment via spam emails (see Figure 1) and relies on social engineering to convince a victim to execute the attachment. In some samples analyzed by CTU researchers, the attachment was an obfuscated VBScript (.vbs) file that downloads and installs AdWind, or the email message just included a link to download and install the malware.

Created: 2026-02-23

Indicators

• hostname - pepepepe.myvnc.com -
• URL - http://avppet.com/wp-includes/js/tinymce/plugins/media/Oracle_64 -
• URL - http://avppet.com/wp-includes/js/tinymce/plugins/media/Oracle_32 -
• FileHash-MD5 - 7fb6f134cce1a187d104ad9062b2a139 -
• domain - avppet.com -
• hostname - millzjsocsingwi80gm.duckdns.org -
• FileHash-SHA256 - 6ea105a93c804d11d1c3c6fe405b52cf2a7fa716e32190f1424302611446f502 -
• domain - ebediyazarlar.com -
• domain - edebiyazarlar.com -
• URL - http://euforiafryz.pl/tmp/RTGSpayment.zip -
• hostname - milzwiregma.no-ip.biz -
• FileHash-MD5 - 6ab9c4547c9f9d1a634c2c496a08d417 -
• FileHash-SHA256 - b8106a2a42f68f1d84c47fb1375833bb1e7dd210f358b4bb81bf1c2adf2cc5a7 -
• FileHash-MD5 - 0557257b83751f96338149540122997b -
• FileHash-MD5 - a593e1504d0a01fb66f0081ffa311cd6 -
• domain - euforiafryz.pl -
• FileHash-SHA256 - 677055e9d6819f8eeff7b1bacfe40d3bda7611bd5bdb3c234084e8a47f06a03c -
• FileHash-SHA256 - f38df5a5babe1f48a65777549b63aaa8b6fbdd64aa1534f71b4df8ccd497d275 -
• domain - kulturatesesi.com -
• FileHash-SHA256 - d1853eefe67eb9828da6f6cf1d0b32385bddc930a83450b5f050d0dcedea3913 -
• FileHash-MD5 - 6bee0eefb649a78d90d3961e290f7c7d -
• FileHash-MD5 - 8cf9a5e2d9322a104b98acbc01b00ce1 -
• FileHash-SHA256 - a12d2feb590152438c4f66bf84bede7b7696f2cf7c82c358c0800bc9b6a36760 -

類似Pulses

• TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (score: 0.80)
• Adwind RAT Malware (score: 0.80)
• Adwind: another payload for botnet-based malspam (score: 0.79)
• Adwind: another payload for botnet-based malspam (score: 0.78)
• Adwind: another payload for botnet-based malspam (score: 0.78)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る