Cardinal RAT
Description
(Palo Alto) The name Cardinal RAT comes from internal names used by the author within the observed Microsoft .NET Framework executables. To date, 27 unique samples of Cardinal RAT have been observed, dating back to December 2015. It is likely that the low volume of samples seen in the wild is partly responsible for the fact that this malware family has remained under the radar for so long.
The malware itself is equipped with a number of features, including the following:
- Collect victim information
- Update settings
- Act as a reverse proxy
- Execute command
- Uninstall itself
- Recover passwords
- Download and Execute new files
- Keylogging
- Capture screenshots
- Update Cardinal RAT
- Clean cookies from browsers
Names
| Name |
|---|
| Cardinal RAT |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Keylogger
- Info stealer
- Credential stealer
- Downloader
- Exfiltration
- Tunneling
Information
- https://unit42.paloaltonetworks.com/unit42-cardinal-rat-active-two-years/
- https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
fca0a40a-ae80-4525-82ad-ca1cf627344a
Last Card Change
2022-12-30