FormerFirstRAT

Description

(Palo Alto) This remote administration tool (RAT) is referred to as “FormerFirstRAT” by its authors. FormerFirstRAT communicates using unencrypted HTTP over port 443; the use of mismatching ports and communication protocols is not uncommon in targeted attack campaigns. In addition, port / protocol mis-match traffic can be an indicator of bad activity.

The remote server has the ability to respond and provide instructions to the RAT. We have identified the following functionalities:

  • Modify sleep timer between requests
  • Execute a command and return the command output
  • Browse the file system
  • Download files
  • Delete files
  • Exfiltrate victim information
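
The port / protocol mismatch noted in the description can be checked from the first client bytes of each TCP stream. The following is an added example, not code from Palo Alto or from this card. It generalizes the check to both port 80 and port 443; the flow record layout, the EXPECTED policy table and all sample values are assumptions constructed for illustration and are not captured FormerFirstRAT traffic.

```python
# Added example: flag flows whose first client bytes do not match the protocol
# expected on the destination port (e.g. plaintext HTTP on TCP/443).
EXPECTED = {80: "http", 443: "tls"}          # assumption: site policy for these ports
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ")

def classify_payload(data: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP stream."""
    if not data:
        return "empty"                       # handshake only, nothing to judge
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    # HTTP/1.x request line: METHOD SP target SP HTTP/1.x
    if data.startswith(HTTP_METHODS):
        request_line = data.split(b"\r\n", 1)[0]
        if request_line.rsplit(b" ", 1)[-1].startswith(b"HTTP/1."):
            return "http"
    return "other"

def find_mismatches(flows):
    """Return flows whose observed protocol differs from the port's expected one."""
    hits = []
    for flow in flows:
        expected = EXPECTED.get(flow["dst_port"])
        observed = classify_payload(flow["payload"])
        if expected and observed not in (expected, "empty"):
            hits.append({"src": flow["src"], "dst": flow["dst"],
                         "dst_port": flow["dst_port"],
                         "expected": expected, "observed": observed})
    return hits

# Constructed sample flows (documentation IP ranges, placeholder host and path).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "dst_port": 443,
     "payload": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
    {"src": "192.0.2.11", "dst": "198.51.100.9", "dst_port": 443,
     "payload": b"POST /placeholder HTTP/1.1\r\nHost: example.invalid\r\n\r\n"},
    {"src": "192.0.2.12", "dst": "198.51.100.7", "dst_port": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"},
    {"src": "192.0.2.13", "dst": "198.51.100.8", "dst_port": 443, "payload": b""},
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_FLOWS):
        print(hit)
```

Only the second sample flow is reported. A hit is a lead for triage rather than a verdict, since misconfigured proxies and health checks can also send plaintext HTTP to port 443.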

Names

Name
FormerFirstRAT
FF-RAT
ffrat

Category

Malware

Type

  • Backdoor
  • Exfiltration

Information

Malpedia

AlienVault OTX

Other Information

Uuid

d04ba5af-cabc-4710-bf6e-84688a211480

Last Card Change

2020-04-23