Register to stream ATT&CKcon 2.0 October 29-30


4H RAT is malware that has been used by Putter Panda since at least 2007. [1]

ID: S0065
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1059 Command-Line Interface 4H RAT has the capability to create a remote shell. [1]
Enterprise T1024 Custom Cryptographic Protocol 4H RAT obfuscates C2 communication using a 1-byte XOR with the key 0xBE. [1]
Enterprise T1083 File and Directory Discovery 4H RAT has the capability to obtain file and directory listings. [1]
Enterprise T1057 Process Discovery 4H RAT has the capability to obtain a listing of running processes (including loaded modules). [1]
Enterprise T1071 Standard Application Layer Protocol 4H RAT uses HTTP for command and control. [1]
Enterprise T1082 System Information Discovery 4H RAT sends an OS version identifier in its beacons. [1]

Groups That Use This Software

ID Name References
G0024 Putter Panda [1]