Quiterat

Malware Profile Updated 2 months ago
Download STIX
Preview STIX
QuiteRAT is a new type of malware associated with the North Korea-linked Lazarus Group, known for their use of custom malware. Built using the Qt framework, QuiteRAT is smaller in size compared to MagicRAT, another malware linked to the group, due to its incorporation of fewer Qt libraries and lack of a built-in persistence mechanism. Despite this, it retains significant capabilities such as arbitrary command execution, although it requires granting power via a C2 server for persistence. The Lazarus Group exploited a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver QuiteRAT. The Advanced Persistent Threat (APT) group used this vulnerability to deploy the malware, infecting victims through a now-patched Zoho bug. The attackers have been exploiting this vulnerability to deploy the remote access Trojan QuiteRAT, according to HHS HC3. Last month, Cisco Talos detailed an espionage campaign that appeared to trace back to North Korea's Lazarus Group. This campaign targeted the Zoho ManageEngine vulnerability to deploy QuiteRAT. The Lazarus Group has also deployed this new variety of remote-access Trojan on the networks of a European internet backbone infrastructure provider. Furthermore, the group has been targeting Internet Infrastructure and Healthcare sectors with QuiteRAT, indicating a broad and potentially devastating impact.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Magicrat
4
MagicRAT is a type of malware, first observed by Cisco Talos in 2022, that was used by the Lazarus Group to exploit vulnerabilities in publicly exposed VMWare Horizon platforms, primarily targeting energy companies worldwide. This malicious software, which can infiltrate systems through suspicious d
Collectionrat
1
CollectionRAT is a newly identified malware, discovered by cybersecurity researchers who traced its origins through reused infrastructure components. This malicious software, short for Malware, is designed to exploit and damage computers or devices, often infiltrating systems via suspicious download
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Vulnerability
Manageengine
Curl
Implant
Trojan
Exploit
Reconnaissance
Exploits
Apt
Zimbra
Github
Backdoor
Cisco
Talos
State Sponso...
Uk
Espionage
Evasive
Poc
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
EarlyratUnspecified
2
EarlyRat is a previously undocumented malware discovered by Kaspersky researchers in June. The North Korea-linked Advanced Persistent Threat (APT) group Andariel used EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The malware was first noticed in one of the Log4j cases,
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Lazarus GroupUnspecified
4
The Lazarus Group, a threat actor attributed to North Korea, is renowned for its notorious cyber-exploitation activities. The group has been linked to various high-profile cyber-attacks, including the largest decentralized finance exploit in history, the Ronin exploit of March 2022. This attack led
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Magicrat QuiteratUnspecified
1
None
CVE-2022-47966Unspecified
1
CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of
Quiterat QuiteratUnspecified
1
None
Source Document References
Information about the Quiterat Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
7 months ago
Lazarus Cryptocurrency Hacks Estimated To Be $3 Billion
InfoSecurity-magazine
9 months ago
Philadelphia Alerts Public to Recent Data Breach
CERT-EU
9 months ago
Connect the Dots on State-Sponsored Cyber Incidents - Targeting of internet infrastructure provider in Europe
BankInfoSecurity
10 months ago
Feds Warn Health Sector of Lazarus Group Attacks
BankInfoSecurity
10 months ago
Feds Urge Immediate Patching of Zoho and Fortinet Products
BankInfoSecurity
10 months ago
Feds Urge Immediately Patching of Zoho and Fortinet Products
CERT-EU
10 months ago
Weekendowa Lektura: odcinek 535 [2023-09-02]. Bierzcie i czytajcie | Zaufana Trzecia Strona
CERT-EU
a year ago
Lazarus Employs Public ManageEngine Exploit to Breach Internet Firms | IT Security News
BankInfoSecurity
a year ago
Lazarus Group Debuts Tiny Trojan for Espionage Attacks
CERT-EU
a year ago
Cyber Security Week in Review: August 25, 2023
CERT-EU
a year ago
Lazarus Group's infrastructure reuse leads to discovery of new malware - Cyber Security Review
CERT-EU
a year ago
North Korean APT Hacks Internet Infrastructure Provider via ManageEngine Flaw
InfoSecurity-magazine
a year ago
Lazarus Targets Internet Infrastructure and Healthcare with QuiteRAT
CERT-EU
a year ago
Lazarus Group Targets Internet Infrastructure and Healthcare with ‘QuiteRAT’ Malware | IT Security News
CERT-EU
a year ago
North Korea threat group exploiting ManageEngine ServiceDesk bug
CERT-EU
a year ago
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider | IT Security News
CERT-EU
a year ago
Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
Securityaffairs
a year ago
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider
CERT-EU
a year ago
Hackers use public ManageEngine exploit to breach internet org
CERT-EU
a year ago
North Korea's Lazarus APT Uses GUI Framework to Build Stealthy RAT