ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool ShimRAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: ShimRAT

NamesShimRAT
CategoryMalware
TypeBackdoor, Info stealer, Exfiltration
Description(Fox-IT) ShimRat is a custom developed piece of malware known as a ‘RAT’, Remote Administration Tool. It has among others standard capabilities for filesystem interaction.The malware was originally built in 2012 and its features were expanded over the years. The artifacts left in the first samples, are a good indicator that the project has been started in 2012. Multiple pdB paths were seen in the early versions of ShimRat. These PDB paths are not visible in the latest versions of ShimRat, due to how the samples are prepared. The PDB paths are either stripped or filled with different paths.
Information<https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.shimrat>

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

All groups using tool ShimRAT

ChangedNameCountryObserved

APT groups

 Whitefly, Mofang[Unknown]2012-Jul 2018 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key