 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Ragnatela| Names | Ragnatela Ragnatela RAT | |
| Category | Malware | |
| Type | Backdoor, Info stealer, Keylogger, Downloader, Exfiltration | |
| Description | (Malwarebytes) We identified what we believe is a new variant of the BADNEWS RAT called Ragnatela being distributed via spear phishing emails to targets of interest in Pakistan. Ragnatela, which means spider web in Italian, is also the project name and panel used by Patchwork APT. Ragnatela RAT was built sometime in late November as seen in its Program Database (PDB) path “E:\new_ops\jlitest __change_ops -29no – Copy\Release\jlitest.pdb”. It features the following capabilities: • Executing commands via cmd • Capturing screenshots • Logging Keystrokes • Collecting list of all the files in victim’s machine • Collecting list of the running applications in the victim’s machine at a specific time periods • Downing addition payloads • Uploading files | |
| Information | <https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/> | |
Last change to this tool card: 25 January 2022
Download this tool card in JSON format
Previous: RagnarLocker
Next: RaidBase
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Patchwork, Dropping Elephant |  | 2013-Jul 2024 | |||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |