Report

Home > List all groups > List all tools > List all groups using tool XtremeRAT

Threat Group Cards: A Threat Actor Encyclopedia

Tool: XtremeRAT

Names	XtremeRAT ExtRat
Category	Tools
Type	Backdoor, Keylogger, Info stealer, Exfiltration
Description	A publicly available RAT. (FireEye) XtremeRAT allows an attacker to: • Interact with the victim via a remote shell • Upload/download files • Interact with the registry • Manipulate running processes and services • Capture images of the desktop • Record from connected devices, such as a webcam or microphone Moreover, during the build process, the attacker can specify whether to include keylogging and USB infection functions.
Information	<https://www.fireeye.com/blog/threat-research/2014/02/xtremerat-nuisance-or-threat.html> <https://community.rsa.com/community/products/netwitness/blog/2017/08/02/malspam-delivers-xtreme-rat-8-1-2017> <https://www.symantec.com/connect/blogs/colombians-major-target-email-campaigns-delivering-xtreme-rat> <https://malware.lu/articles/2012/07/22/xtreme-rat-analysis.html>
Malpedia	<https://malpedia.caad.fkie.fraunhofer.de/details/win.extreme_rat>
AlienVault OTX	<https://otx.alienvault.com/browse/pulses?q=tag:xtremerat>

Last change to this tool card: 13 May 2020

Download this tool card in JSON format

Previous: xsPlus
Next: X-Tunnel

All groups using tool XtremeRAT

Changed	Name	Country	Observed
APT groups
	Molerats, Extreme Jackal, Gaza Cybergang	[Gaza]	2012-Apr 2021
	Packrat	[Latin America]	2008

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT) Electronic Transactions Development Agency Follow us on	Report incidents
		+66 (0)2-123-1234
		report@thaicert.or.th
		Download PGP key