RunningRAT

Malware Profile Updated 2 months ago
RunningRat is a type of malware that was discovered as part of a larger campaign that includes Gold Dragon, Brave Prince, and Ghost419. This malware is a remote access Trojan (RAT) that operates with two DLLs, and its main function is to steal keystrokes. However, further analysis has revealed that the DLL has code for more extensive functionality. McAfee ATR analysts are continuing to research RunningRat to determine if this extra code is used or possibly left over from a larger RAT toolkit. Similar to other malware, RunningRat can infect a computer through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The discovery of RunningRat and the larger campaign it is a part of highlights the need for increased vigilance in protecting against malware attacks. Businesses and individuals should take steps to protect their systems and data by regularly updating security software, avoiding suspicious emails and downloads, and backing up important data to prevent loss in the event of an attack.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Gold Dragon | 1 | Gold Dragon is a Korean-language malware implant that has been observed since December 24, 2017. This data-gathering implant was designed to infiltrate systems, execute binaries from a control server, and encrypt the data it obtains using a generated key. Notably, Gold Dragon re-emerged on the same |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Rat
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Brave Prince | Unspecified | 1 | "Brave Prince" is a Korean-language malware implant that was first observed in the wild on December 13, 2017. It exhibits similar code and behavior to the "Gold Dragon" variants, particularly in terms of system profiling and control server communication mechanisms. The malware sends logs to the atta |
| Ghost419 | Unspecified | 1 | Ghost419 is a malicious software, or malware, that first emerged in the wild on December 18, 2017. It is one of several implants, including Gold Dragon, Brave Prince, and Running Rat, which were named based on phrases found within their code. These implants appeared in December 2017 and demonstrate |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the RunningRAT Malware was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| MITRE | a year ago | Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims' Systems |