

 Tool: MagicRAT
 Tool: MagicRAT| Names | MagicRAT | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Talos) MagicRAT is programmed in C++ programming language and uses the Qt Framework by statically linking it to the RAT on 32- and 64-bit versions. The Qt Framework is a programming library for developing graphical user interfaces, of which this RAT has none. Talos believes that the objective was to increase the complexity of the code, thus making human analysis harder. On the other hand, since there are very few examples (if any) of malware programmed with Qt Framework, this also makes machine learning and heuristic analysis detection less reliable. | |
| Information | <https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S1182> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.magic_rat> | |
Last change to this tool card: 28 June 2025
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
| APT groups | |||||
| Lazarus Group, Hidden Cobra, Labyrinth Chollima |  | 2007-May 2025 |  | ||
1 group listed (1 APT, 0 other, 0 unknown)
| Digital Service Security Center Follow us on    | Report incidents | |
|  | +66 (0)2-123-1227 | |
|  | [email protected] | |