4H RAT is malware that has been used by Putter Panda since at least 2007. [1]

ID: S0065
Platforms: Windows
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1059 Command-Line Interface 4H RAT has the capability to create a remote shell.[1]
Enterprise T1024 Custom Cryptographic Protocol 4H RAT obfuscates C2 communication using a 1-byte XOR with the key 0xBE.[1]
Enterprise T1083 File and Directory Discovery 4H RAT has the capability to obtain file and directory listings.[1]
Enterprise T1057 Process Discovery 4H RAT has the capability to obtain a listing of running processes (including loaded modules).[1]
Enterprise T1071 Standard Application Layer Protocol 4H RAT uses HTTP for command and control.[1]
Enterprise T1082 System Information Discovery 4H RAT sends an OS version identifier in its beacons.[1]


Groups that use this software:

Putter Panda