Vatet

Description

(Palo Alto) Vatet is a custom loader that executes XOR encoded shellcode from the local disk or a network share. The loaders are typically open source applications found on GitHub, or other repositories, that the actors modify to load their shellcode. In most cases, the payload winds up being Cobalt Strike beacons and/or stagers, but some of the more recent payloads have been an updated version of the PyXie RAT. Vatet is often a precursor to enterprise-wide ransomware attacks.

Names

Name
Vatet

Type

Loader

Information

https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/

Other Information

Uuid

c026fd46-4d84-4351-85e7-5126e85f6d1b

Last Card Change

2021-04-23

Threat Intelligence Garden

Explorer

Vatet

Vatet

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks