Ratty (Malware Family)

Ratty

Ratty is an open source Java RAT, made available on GitHub and promoted heavily on HackForums. At some point in 2016 / 2017 the original author deleted his repository, but several clones exist.

References

2021-11-23 ⋅ HP ⋅ Patrick Schläpfer
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos

2020-06-28 ⋅ Security-in-Bits ⋅ Security-in-Bits
Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI
AdWind Ratty

Yara Rules

[TLP:WHITE] jar_ratty_w0 (20181105 | No description)

rule jar_ratty_w0 {

    meta:
        author = "[redacted]"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/jar.ratty"
        malpedia_version = "20181105"
        malpedia_license = "CC BY-NC-SA 4.0"
        malpedia_sharing = "TLP:WHITE"

    strings:
        $main1 = "TheClient.classPK"
        $main2 = "RattyClient.classPK"
        $main3 = "Ratty.classPK"
        $s1 = "ActiveConnection.classPK"
        $s2 = "XorCipher.classPK"

    condition:
       all of ($s*) and 1 of ($main*)
}

Download all Yara Rules

Ratty Propose Change

References

Yara Rules

Ratty