ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Deed RAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Deed RAT

NamesDeed RAT
CategoryMalware
TypeReconnaissance, Backdoor, Loader
Description(BleepingComputer) Deed RAT's functions depend on which plugins are fetched and loaded. For example, PT has seen eight plugins for startup, C2 config, installation, code injection into processes, network interactions, connection management, registry editing, registry monitoring, and proxy sniffing.

The supported protocols for C2 communication include TCP, TLS, HTTP, HTTPS, UDP, and DNS, so there's generally a high level of versatility.

The commands supported by Deed RAT are the following:
• Collect system information
• Create a separate communication channel for a plugin
• Self-remove
• Ping
• Deactivate connection
• Update the shellcode for an injection stored in the registry
• Update the main shellcode on disk and delete all plugins
Information<https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/>
<https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/>

Last change to this tool card: 19 July 2022

Download this tool card in JSON format

All groups using tool Deed RAT

ChangedNameCountryObserved

APT groups

 Space PiratesChina2017-Sep 2022 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]