[rkhunter]

wanna to collect list of RATs here and info.

• DarkComet: Backdoor:Win32/Fynloski and DarkComet Analysis
• XtremeRAT: Backdoor XtremeRAT
• Poison Ivy: Backdoor:Win32/Poisonivy
• PlugXRAT: An Analysis of PlugX
• GhostRAT
• FakemRAT

[EP_X0FF]

Cybergate http://www.kernelmode.info/forum/viewto ... f=16&t=518
Blackshades http://www.kernelmode.info/forum/viewto ... f=16&t=590
Ghost RAT http://www.kernelmode.info/forum/viewto ... =21&t=2051
Bifrost RAT http://www.kernelmode.info/forum/viewto ... f=16&t=764

[r3shl4k1sh]

FBI (Full Backdoor Intergration) Rat
PsyRAT
Aryan RAT

[R136a1]

• Schwarze Sonne RAT
• Bozok
• Bandook RAT
• Nuclear RAT
• LostDoor RAT
• Spy-Net RAT
• Pytho RAT
• njRAT
• jRAT

BTW
It's Bifrost not Bitfrost (according to norse mythology)

[EP_X0FF]

Yes I always mislabel this garbage. If you have any of listed RAT's not posted here, please attach (better each in separate topic), so we can build comprehensive list with samples, not only names.

[rkhunter]

Interesting question: could we name backdoors as RAT? For example well known for us - ZeroAccess. What are the main characteristics and differences between RATs and Backdoors? Guess some features, because RAT contains a lot of features like keylogger, special user interface...

[R136a1]

Many (if not all) of these (patchwork) tools I mentioned are publicly available.

[EP_X0FF]

ZeroAccess cannot be considered as RAT as none of it features or plugins not providing remote administration support. From the beginning RAT is not malware (e.g. Radmin/RealVNC), but a component that can be used by malware, while backdoor is a malware with implemented minumum remote administration functional as a optional feature.

Some trojans with backdoor functionality positioning itself as RAT, for example Blackshades. In the same time they offer crypter for their "product" ("prevent others (no matter who) from analyzing your executables (EXE) files") and multiscanner - "scanning engine to determine which anti-viruses detect a file". Making itself look legitimate as only possible.

[rkhunter]

For me ZeroAccess can't be called as RAT, because it allows the remote access for attackers as secondary purpose. But backdoors equal to RAT because both allow remote access to compromised machine. And of course ZAccess is a malware.

[k0ng0]

Cool List.
Me Wonders how yall keep up with this.
I do this on the side. Not full-time