Threat Group Cards: A Threat Actor Encyclopedia

Tool: ComRAT

Names: ComRAT
Category: Malware
Type: Backdoor
Description: (G Data) In February 2014, the experts of the G DATA SecurityLabs published an analysis of Uroburos, the rootkit with Russian roots. We explained that a link exists between Uroburos and the Agent.BTZ malware, which was responsible for 'the most significant breach of U.S. military computers ever.' Nine months later, after the buzz around Uroburos, aka Snake or Turla, we now identified a new generation of Agent.BTZ. We dubbed it ComRAT and, by now, analyzed two versions of the threat (v3.25 and v3.26).
Information:
<https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified>
<http://www.intezer.com/new-variants-of-agent-btz-comrat-found/>
<http://www.intezer.com/new-variants-of-agent-btz-comrat-found-part-2/>
<https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0126/>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:comrat>

Last change to this tool card: 26 May 2020

All groups using tool ComRAT

APT groups

Name: Turla, Waterbug, Venomous Bear
Country: Russia
Observed: 1996-Feb 2021

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
