ElizaRAT

Description

(Check Point) ElizaRAT, a Windows Remote Access Tool disclosed in September 2023, is employed by Transparent Tribe in targeted attacks. Infections typically start via executable files shared through Google Storage links, likely due to phishing efforts. Earlier variants relied on Telegram for Command and Control (C2) communication. Since its initial detection, ElizaRAT has evolved in execution methods, detection evasion, and C2 communication, as demonstrated in three distinct campaigns from late 2023 to early 2024. Each campaign utilized a different variant of ElizaRAT to deploy specific payloads for automated information gathering.

Names

Name
ElizaRAT

Type

Backdoor

Information

https://blog.checkpoint.com/research/the-evolution-of-transparent-tribes-new-malware/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.eliza_rat

Other Information

Uuid

99c550ef-5f9a-49e5-b4d1-f05d18c4cc9f

Last Card Change

2024-12-27

Threat Intelligence Garden

Explorer

ElizaRAT

ElizaRAT

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks