Symbol: jar.ratty

Ratty


Ratty is an open-source Java RAT that was made available on GitHub and promoted heavily on HackForums. At some point in 2016 / 2017 the original author deleted his repository, but several clones exist.

References
2021-11-23 | HP | Patrick Schläpfer
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
Families: AdWind, Ratty, STRRAT, CloudEyE, Formbook, Houdini, Panda Stealer, Remcos

2020-06-28 | Security-in-Bits | Security-in-Bits
Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI
Families: AdWind, Ratty
Yara Rules
[TLP:WHITE] jar_ratty_w0 (20181105 | No description)
rule jar_ratty_w0 {

    meta:
        author = "[redacted]"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/jar.ratty"
        malpedia_version = "20181105"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    strings:
        $main1 = "TheClient.classPK"
        $main2 = "RattyClient.classPK"
        $main3 = "Ratty.classPK"
        $s1 = "ActiveConnection.classPK"
        $s2 = "XorCipher.classPK"

    condition:
        all of ($s*) and 1 of ($main*)
}