SYMBOL: win.grayrabbit

GRAYRABBIT

Actor(s): UNC3569


According to Mandiant, GRAYRABBIT is a lightweight and simple backdoor that supports simple file operations, system information collection, running modularized plugins, and executing a remote command shell.

References
2026-01-26 ⋅ Trend Micro ⋅ Joseph C Chen, Ted Lee
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy GRAYRABBIT
2024-09-24 ⋅ Virus Bulletin ⋅ Aragorn Tseng, Chi-Yu You, Cristiana Brafman Kittner, Steve Su
Down the GRAYRABBIT HOle - Exposing UNC3569 and its Modus Operandi
KEYPLUG Cobalt Strike CROSSWALK GRAYRABBIT HelloBot HUI Loader PlugX SiestaGraph

There is no Yara-Signature yet.