ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool Ragnatela

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Ragnatela

Ragnatela RAT
TypeBackdoor, Info stealer, Keylogger, Downloader, Exfiltration
Description(Malwarebytes) We identified what we believe is a new variant of the BADNEWS RAT called Ragnatela being distributed via spear phishing emails to targets of interest in Pakistan. Ragnatela, which means spider web in Italian, is also the project name and panel used by Patchwork APT.

Ragnatela RAT was built sometime in late November as seen in its Program Database (PDB) path “E:\new_ops\jlitest __change_ops -29no – Copy\Release\jlitest.pdb”. It features the following capabilities:
• Executing commands via cmd
• Capturing screenshots
• Logging Keystrokes
• Collecting list of all the files in victim’s machine
• Collecting list of the running applications in the victim’s machine at a specific time periods
• Downing addition payloads
• Uploading files

Last change to this tool card: 25 January 2022

Download this tool card in JSON format

All groups using tool Ragnatela


APT groups

 Patchwork, Dropping ElephantIndia2013-Nov 2021 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]