SYMBOLCOMMON_NAMEaka. SYNONYMS
win.quiterat (Back to overview)

QuiteRAT

aka: Acres

Actor(s): Silent Chollima


QuiteRAT is a simple remote access trojan written with the help of Qt libraries.

After sending preliminary system information to its C&C server, it expects a response containing either a supported command code or an actual Windows command (like systeminfo or ipconfig with parameters) to execute.

It was deployed in a campaign exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966).

References
2023-08-24Cisco TalosAsheer Malhotra, Vitor Ventura, Jungsoo An
@online{malhotra:20230824:lazarus:f5c3c14, author = {Asheer Malhotra and Vitor Ventura and Jungsoo An}, title = {{Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT}}, date = {2023-08-24}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/lazarus-quiterat/}, language = {English}, urldate = {2023-08-25} } Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
QuiteRAT
2023-08-22AhnLabASEC Analysis Team
@online{team:20230822:analyzing:a2e958c, author = {ASEC Analysis Team}, title = {{Analyzing the new attack activity of the Andariel group}}, date = {2023-08-22}, organization = {AhnLab}, url = {https://asec.ahnlab.com/ko/56256/}, language = {Korean}, urldate = {2023-08-28} } Analyzing the new attack activity of the Andariel group
Andardoor MimiKatz QuiteRAT Tiger RAT Volgmer
2023-02-23BitdefenderMartin Zugec, Bitdefender Team
@online{zugec:20230223:technical:710242c, author = {Martin Zugec and Bitdefender Team}, title = {{Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966}}, date = {2023-02-23}, organization = {Bitdefender}, url = {https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966}, language = {English}, urldate = {2023-08-25} } Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Cobalt Strike DarkComet QuiteRAT RATel
2023-02-02WithSecureSami Ruohonen, Stephen Robinson
@techreport{ruohonen:20230202:no:2a5fce3, author = {Sami Ruohonen and Stephen Robinson}, title = {{No Pineapple! –DPRK Targeting of Medical Research and Technology Sector}}, date = {2023-02-02}, institution = {WithSecure}, url = {https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf}, language = {English}, urldate = {2023-08-25} } No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
Dtrack GREASE QuiteRAT

There is no Yara-Signature yet.