 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Deed RAT| Names | Deed RAT SnappyBee | |
| Category | Malware | |
| Type | Reconnaissance, Backdoor, Loader | |
| Description | (BleepingComputer) Deed RAT's functions depend on which plugins are fetched and loaded. For example, PT has seen eight plugins for startup, C2 config, installation, code injection into processes, network interactions, connection management, registry editing, registry monitoring, and proxy sniffing. The supported protocols for C2 communication include TCP, TLS, HTTP, HTTPS, UDP, and DNS, so there's generally a high level of versatility. The commands supported by Deed RAT are the following: • Collect system information • Create a separate communication channel for a plugin • Self-remove • Ping • Deactivate connection • Update the shellcode for an injection stored in the registry • Update the main shellcode on disk and delete all plugins | |
| Information | <https://www.bleepingcomputer.com/news/security/chinese-space-pirates-are-hacking-russian-aerospace-firms/> <https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/> | |
Last change to this tool card: 26 December 2024
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Salt Typhoon, GhostEmperor |  | 2020-Jan 2025  |  | ||
| Space Pirates | | 2017-Nov 2024 | |||
2 groups listed (2 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |