Firebird RAT

Malware Profile Updated 12 days ago
Firebird RAT is a malicious software (malware) known for its harmful effects on computer systems and devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Firebird RAT can steal personal information, disrupt operations, or even hold data hostage for ransom. This malware's capabilities have made it a significant threat in the digital world, causing widespread concern among cybersecurity professionals.

In a significant development, the authors and operators of the Firebird RAT were apprehended by law enforcement agencies from the United States and Australia. The arrest was the result of a joint operation conducted by the Australian Federal Police (AFP) and the Federal Bureau of Investigation (FBI). These arrests mark a notable achievement in international cooperation against cybercrime, demonstrating the global commitment to tackling such threats. The individuals arrested are suspected of creating and selling the Firebird RAT, which was later renamed as Hive. The details of their activities and the extent of the damage caused by the malware they developed are expected to emerge during their trials. The successful operation against the creators of this notorious malware sends a strong message to other potential cybercriminals and signifies a win for cybersecurity efforts worldwide.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Hive | 1 | Hive is a malicious software, or malware, that infiltrates systems to exploit and damage them. This malware has been associated with Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive to crack passwords offline. The Hive operation was primarily involved in port scanning, credential thef |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Australian
Rat
Poc
Ransomware
Vulnerability
Spyware
Known Exploi...
Exploit
Backdoor
Malware
Linux
Ios
Ics
Vpn
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Firebird | Unspecified | 1 | Firebird is a malicious software (malware) that has been utilized by the threat actor known as DoNot Team. This sophisticated malware, developed with .NET, is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Once inside a sys |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lightspy | Unspecified | 1 | LightSpy is a threat actor known for its malicious activities in the realm of cybersecurity. This entity, which could be an individual, a private organization, or a government body, has been identified as the force behind a series of cyber attacks targeting South Asia. The primary method of attack i |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CVE-2023-22518 | Unspecified | 1 | CVE-2023-22518 is a critical vulnerability that was discovered in all versions of Atlassian Confluence Data Center and Server products. Identified as an improper authorization flaw, it posed significant risks including potential data loss if exploited by an unauthenticated attacker. The vulnerabilit |
| CVE-2024-3400 | Unspecified | 1 | CVE-2024-3400 is a critical vulnerability identified in the GlobalProtect Gateway feature of Palo Alto Networks' PAN-OS versions 10.2, 11.0, and 11.1. This flaw, a command injection vulnerability, allows for unauthenticated remote code execution, posing significant security risks to affected systems |
Source Document References
Information about the Firebird Rat Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 5 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 6 days ago | Security Affairs Malware Newsletter - Round 3 |
| Securityaffairs | 12 days ago | Security Affairs Malware Newsletter - Round 2 |
| Securityaffairs | 20 days ago | Security Affairs Malware Newsletter - Round 1 |
| Securityaffairs | a month ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION |
| Securityaffairs | 3 months ago | US and Australian police arrested Firebird RAT author and operator |