RAT (Remote Access Tool)

Forum for analysis and discussion about malware.

Postby rkhunter » Fri Apr 12, 2013 8:18 am

Want to collect a list of RATs and info here.

rkhunter
 
Posts: 1145
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: RAT (Remote Access Tool)

Postby EP_X0FF » Fri Apr 12, 2013 8:56 am

Last edited by EP_X0FF on Fri Apr 12, 2013 11:49 am, edited 1 time in total.
Reason: fix
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562

Re: RAT (Remote Access Tool)

Postby r3shl4k1sh » Fri Apr 12, 2013 9:20 am

FBI (Full Backdoor Integration) RAT
PsyRAT
Aryan RAT
r3shl4k1sh
 
Posts: 119
Joined: Tue Feb 05, 2013 10:26 pm
Location: Israel
Reputation point: 41

Re: RAT (Remote Access Tool)

Postby R136a1 » Fri Apr 12, 2013 10:48 am

  • Schwarze Sonne RAT
  • Bozok
  • Bandook RAT
  • Nuclear RAT
  • LostDoor RAT
  • Spy-Net RAT
  • Pytho RAT
  • njRAT
  • jRAT

BTW
It's Bifrost, not Bitfrost (according to Norse mythology) ;-)
R136a1
 
Posts: 215
Joined: Wed Jul 13, 2011 4:30 pm
Location: Germany
Reputation point: 136

Re: RAT (Remote Access Tool)

Postby EP_X0FF » Fri Apr 12, 2013 11:45 am

Yes, I always mislabel this garbage. If you have any of the listed RATs not posted here, please attach them (better each in a separate topic), so we can build a comprehensive list with samples, not only names.
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562

Re: RAT (Remote Access Tool)

Postby rkhunter » Fri Apr 12, 2013 12:15 pm

Interesting question: could we call backdoors RATs? For example, one well known to us - ZeroAccess. What are the main characteristics and differences between RATs and backdoors? I guess some features, because a RAT contains a lot of features like a keylogger, a special user interface...
rkhunter
 
Posts: 1145
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: RAT (Remote Access Tool)

Postby R136a1 » Fri Apr 12, 2013 12:25 pm

Many (if not all) of these (patchwork) tools I mentioned are publicly available.
R136a1
 
Posts: 215
Joined: Wed Jul 13, 2011 4:30 pm
Location: Germany
Reputation point: 136

Re: RAT (Remote Access Tool)

Postby EP_X0FF » Fri Apr 12, 2013 12:52 pm

ZeroAccess cannot be considered a RAT, as none of its features or plugins provide remote administration support. From the beginning, a RAT is not malware (e.g. Radmin/RealVNC) but a component that can be used by malware, while a backdoor is malware with minimum remote administration functionality implemented as an optional feature.

Some trojans with backdoor functionality position themselves as RATs, for example Blackshades. At the same time they offer a crypter for their "product" ("prevent others (no matter who) from analyzing your executables (EXE) files") and a multiscanner - "scanning engine to determine which anti-viruses detect a file". Making themselves look as legitimate as possible.
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4752
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 562

Re: RAT (Remote Access Tool)

Postby rkhunter » Fri Apr 12, 2013 1:30 pm

For me, ZeroAccess can't be called a RAT, because it allows remote access for attackers as a secondary purpose. But backdoors are equal to RATs because both allow remote access to a compromised machine. And of course ZAccess is malware.
rkhunter
 
Posts: 1145
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: RAT (Remote Access Tool)

Postby k0ng0 » Fri Apr 12, 2013 2:34 pm

Cool list.
Me wonders how y'all keep up with this.
I do this on the side. Not full-time.
k0ng0
 
Posts: 10
Joined: Fri Feb 08, 2013 7:57 pm
Reputation point: 0
