SYMBOLCOMMON_NAMEaka. SYNONYMS
win.almondrat (Back to overview)

AlmondRAT

Actor(s): HAZY TIGER

According to Threatray, AlmondRAT is a .NET Remote Access Trojan deployed by the Bitter APT group. It is capable of collecting system information, modifying and exfiltrating data and allows for remote command execution and shares similar functionality with BDarkRAT.

References
2025-06-04ThreatrayAbdallah Elshinbary, Jonas Wagner, Konstantin Klinger, Nick Attfield
The Bitter End: Unraveling Eight Years of Espionage Antics – Part Two
AlmondRAT AlmondRAT Artra Downloader BDarkRAT Havoc KiwiStealer KugelBlitz MiyaRAT ORPCBackdoor WmRAT ZxxZ
2022-07-05SECUINFRASECUINFRA Falcon Team
Whatever floats your Boat – Bitter APT continues to target Bangladesh
AlmondRAT Artra Downloader Bitter RAT ZxxZ

There is no Yara-Signature yet.