Threat Group Cards: A Threat Actor Encyclopedia

Tool: Cardinal RAT

Names: Cardinal RAT
Category: Malware
Type: Reconnaissance, Backdoor, Keylogger, Info stealer, Credential stealer, Downloader, Exfiltration, Tunneling
Description: (Palo Alto) The name Cardinal RAT comes from internal names used by the author within the observed Microsoft .NET Framework executables. To date, 27 unique samples of Cardinal RAT have been observed, dating back to December 2015. It is likely that the low volume of samples seen in the wild is partly responsible for the fact that this malware family has remained under the radar for so long.

The malware itself is equipped with a number of features, including the following:
• Collect victim information
• Update settings
• Act as a reverse proxy
• Execute command
• Uninstall itself
• Recover passwords
• Download and Execute new files
• Keylogging
• Capture screenshots
• Update Cardinal RAT
• Clean cookies from browsers
Information: <https://unit42.paloaltonetworks.com/unit42-cardinal-rat-active-two-years/>
<https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.cardinal_rat>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:cardinal%20rat>

Last change to this tool card: 15 July 2020

All groups using tool Cardinal RAT

APT groups

Name | Country | Observed
Evilnum | [Unknown] | 2018-Aug 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
