 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Deed RAT| Names | Deed RAT | |
| Category | Malware | |
| Type | Reconnaissance, Backdoor, Loader | |
| Description | (BleepingComputer) Deed RAT's functions depend on which plugins are fetched and loaded. For example, PT has seen eight plugins for startup, C2 config, installation, code injection into processes, network interactions, connection management, registry editing, registry monitoring, and proxy sniffing. The supported protocols for C2 communication include TCP, TLS, HTTP, HTTPS, UDP, and DNS, so there's generally a high level of versatility. The commands supported by Deed RAT are the following: • Collect system information • Create a separate communication channel for a plugin • Self-remove • Ping • Deactivate connection • Update the shellcode for an injection stored in the registry • Update the main shellcode on disk and delete all plugins | |
| Information | <https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/> <https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/> | |
Last change to this tool card: 19 July 2022
Download this tool card in JSON format
Previous: DeepCreep
Next: Defray777
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Space Pirates |  | 2017-Sep 2022 | |||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |