
Threat Group Cards: A Threat Actor Encyclopedia

Tool: 9002 RAT

Names: 9002 RAT, McRAT, Hydraq, HOMEUNIX, Aurora, Roarur
Category: Malware
Type: Backdoor, Info stealer
Description: 9002 RAT is a Remote Access Tool typically observed being used by an APT to control a victim's machine. It has been spread via zero-day exploits (e.g. targeting Internet Explorer) as well as via email attachments. The infection chain starts by opening a .LNK file (an OLE packager shell object) that executes a PowerShell command.
Information:
<https://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html>
<https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf>
<https://community.hpe.com/t5/Security-Research/9002-RAT-a-second-building-on-the-left/ba-p/6894315>
<http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/>
<https://www.fireeye.com/blog/threat-research/2013/05/ready-for-summer-the-sunshop-campaign.html>
<https://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/>
<https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures>
<https://www.fireeye.com/blog/threat-research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html>
<https://blog.trendmicro.com/trendlabs-security-intelligence/supply-chain-attack-operation-red-signature-targets-south-korean-organizations/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0203/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.9002>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:9002>

Last change to this tool card: 13 June 2020


All groups using tool 9002 RAT

Changed | Name                                        | Country | Observed

APT groups

        | APT 17, Deputy Dog, Elderwood, Sneaky Panda | China   | 2009-Sep 2017
        | APT 31, Judgment Panda, Zirconium           | China   | 2016
HOTX    | APT 41                                      | China   | 2012-Aug 2020
        | Axiom, Group 72                             | China   | 2008-2008/2014
        | Bronze Butler, Tick, RedBaldNight, Stalker Panda | China | 2010-Jun 2019
        | Nightshade Panda, APT 9, Group 27           | China   | 2013-Sep 2016
        | Operation Red Signature                     | China   | 2018
        | PKPLUG                                      | China   | 2016

8 groups listed (8 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
