ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Cardinal RAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Cardinal RAT

NamesCardinal RAT
CategoryMalware
TypeReconnaissance, Backdoor, Keylogger, Info stealer, Credential stealer, Downloader, Exfiltration, Tunneling
Description(Palo Alto) The name Cardinal RAT comes from internal names used by the author within the observed Microsoft .NET Framework executables. To date, 27 unique samples of Cardinal RAT have been observed, dating back to December 2015. It is likely that the low volume of samples seen in the wild is partly responsible for the fact that this malware family has remained under the radar for so long.

The malware itself is equipped with a number of features, including the following:
• Collect victim information
• Update settings
• Act as a reverse proxy
• Execute command
• Uninstall itself
• Recover passwords
• Download and Execute new files
• Keylogging
• Capture screenshots
• Update Cardinal RAT
• Clean cookies from browsers
Information<https://unit42.paloaltonetworks.com/unit42-cardinal-rat-active-two-years/>
<https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/>
MITRE ATT&CK<https://attack.mitre.org/software/S0348/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.cardinal_rat>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:cardinal%20rat>

Last change to this tool card: 30 December 2022

Download this tool card in JSON format

Previous: CarbonSteal
Next: CarnavalHeist

All groups using tool Cardinal RAT

ChangedNameCountryObserved

APT groups

 Evilnum[Unknown]2018-2022 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]