Aria-body

Description

(Check Point) The RAT includes rather common capabilities of a backdoor, including:

  • Create/Delete Files/Directories
  • Take a screenshot
  • Search file
  • Launch files using ShellExecute
  • Enumerate process loaded modules
  • Gather files’ metadata
  • Gather TCP and UDP table status listing
  • Close a TCP session
  • Collect OS information
  • Verify location using checkip.amazonaws.com
  • (Optional) Inter-process pipe based communication

Some of the Aria-body variations also included other modules, such as:

  • USB data gathering module
  • Keylogger module to collect raw input device-based keystrokes – added by February 2018
  • Reverse socks proxy module – added by February 2018
  • Loading extensions module – added by December 2019

Names

Name
Aria-body
AR

Category

Malware

Type

  • Reconnaissance
  • Backdoor
  • Keylogger
  • Info stealer
  • Tunneling

Information

Mitre Attack

Malpedia

Other Information

Uuid

2fb2ec92-5ef7-44e5-b69c-3356ff2a328f

Last Card Change

2022-12-30