InnaputRAT

Malware Profile Updated 3 months ago
InnaputRAT is a Remote Access Trojan (RAT) malware that has been distributed by threat actors using phishing techniques and the Godzilla Loader. The malware, capable of exfiltrating files from victim machines, was identified in campaigns where it beaconed to live C2 as of March 26, 2018. The threat actors used phishing and downloader(s) to install InnaputRAT on the target's machine without their knowledge. This campaign shared a common malware payload, InnaputRAT, which was found communicating with top domains. Upon analyzing the original infrastructure, additional instances of the InnaputRAT payload were identified on further infrastructure.

The most recent variant of InnaputRAT, detected on March 13, 2018, showed similar characteristics to previous samples, including sharing the same C2s, the same NeutralApp.exe name, and the same Registry Key creation. This consistency in attributes across samples suggests an evolution of the InnaputRAT malware over time. The infrastructure and registrants tied to the distribution of InnaputRAT were all associated with the common malware payload. The identification of this recent version of InnaputRAT was made possible through initial phishing campaigns, infrastructure correlation, and binary analysis. The continuous evolution of InnaputRAT highlights the persistent threat posed by such malware and underscores the importance of maintaining robust cybersecurity measures to protect against these evolving threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Malware Payl...
Rat
Payload
Loader
Phishing
Malware
Domains
Associated Malware
ID | Type | Votes | Profile Description
Godzilla | Unspecified | 1 | Godzilla is a potent malware that allows attackers to remotely control compromised servers, execute arbitrary commands, upload and download files, manipulate databases, and perform other malicious activities. The malware was linked to a group known as Ethereal Panda by CrowdStrike due to their simil
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the InnaputRAT Malware was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files | NETSCOUT