4H RAT

4H RAT is malware that has been used by Putter Panda since at least 2007. [1]

ID: S0065
Aliases: 4H RAT
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1059Command-Line Interface4H RAT has the capability to create a remote shell.[1]
EnterpriseT1024Custom Cryptographic Protocol4H RAT obfuscates C2 communication using a 1-byte XOR with the key 0xBE.[1]
EnterpriseT1083File and Directory Discovery4H RAT has the capability to obtain file and directory listings.[1]
EnterpriseT1057Process Discovery4H RAT has the capability to obtain a listing of running processes (including loaded modules).[1]
EnterpriseT1071Standard Application Layer Protocol4H RAT uses HTTP for command and control.[1]
EnterpriseT1082System Information Discovery4H RAT sends an OS version identifier in its beacons.[1]

Groups

Groups that use this software:

Putter Panda

References