Revenge RAT

Malware Profile Updated 2 months ago
Revenge RAT is malicious software that uses advanced delivery techniques and support infrastructure to exploit and damage computer systems. It uses an Office macro within a Microsoft Office Excel worksheet to infect its targets. The malware is not dropped onto disk but is loaded directly into the memory of a process via the "Reflection.Assembly" PowerShell command, making it stealthier and harder to detect. This Remote Access Trojan (RAT) automatically gathers system information before allowing threat actors to remotely access system components such as webcams, microphones, and various other utilities.

In 2022, the usage of Revenge RAT significantly increased, with campaigns delivering a mixture of malware including Loda, Revenge RAT, and AsyncRAT. These were delivered through a variety of mechanisms such as URLs, RAR attachments, ISO attachments, and Office documents. The ultimate goal was to download a RAT, most commonly Loda or Revenge RAT, onto the target machine. The frequent checking ensured that any changes made would be quickly followed, and the repeated attempts to run the Revenge RAT binary made it almost certain that even if the process was terminated, the RAT would be running again soon.

Cofense Intelligence has recently reported enhancements in this basic and widely available RAT, which help it to access webcams, microphones, and other utilities as Revenge RAT conducts reconnaissance and attempts to establish a foothold in targeted computers. Despite being a simple and freely available RAT, Revenge RAT's increasingly sophisticated delivery methods and support infrastructure have made it a significant cybersecurity threat.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Malware
Trojan
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| AsyncRAT | Unspecified | 1 | AsyncRAT is a malicious software (malware) that targets computer systems to exploit and damage them, often infiltrating the system without the user's knowledge through suspicious downloads, emails, or websites. The malware operates by loading an executable which unpacks a DLL in memory, subsequently |
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Revenge RAT Malware was read from the documents corpus below.

| Source | Created At | Title |
| --- | --- | --- |
| MITRE | 7 months ago | TA2541: Threats to Aviation, Aerospace, & Travel \| Proofpoint US |
| MITRE | a year ago | Revenge RAT Malware is a Bigger Threat \| Cofense |
| Threat Post | a year ago | Fake Reservation Links Prey on Weary Travelers |