AndroRAT
Essential information
- Confidence: 100/100
- Is family: Yes
- Published: 25/10/2017 16:48
- Modified: 27/03/2026 01:41
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 22 attack patterns (MITRE), 2 intrusion sets (APT), 2 sectors, 4 countries, 58 indicators, 4 vulnerabilities (CVE), 1 report
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (22)
Intrusion sets (APT) (2)
- Transparent Tribe (source: The MITRE Corporation, confidence 100): [Transparent Tribe](https://attack.mitre.org/groups/G0134) is a suspected Pakistan-based threat group that has been active since at least 2013, primarily targeting diplomatic, defense, and research organizations in India and Afghanistan.(Citation: Proofpoint… First seen 01/01/1970 · Last seen 16/11/5138
- BITTER (source: The MITRE Corporation, confidence 100): [BITTER](https://attack.mitre.org/groups/G1002) is a suspected South Asian cyber espionage threat group that has been active since at least 2013. [BITTER](https://attack.mitre.org/groups/G1002) has targeted government, energy, and engineering organizations in Pakistan,… First seen 01/01/1970 · Last seen 16/11/5138
Sectors (2)
- Energy (relationship: targets)
- Government (relationship: targets)
Countries (4)
- Bangladesh (relationship: targets)
- China (relationship: targets)
- Saudi Arabia (relationship: targets)
- Pakistan (relationship: targets)
Indicators (58)
Vulnerabilities (CVE) (4)
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
- Published: 03/11/2021
- Modified: 20/12/2025
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published: 03/11/2021
- Modified: 27/05/2026
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
- Attack vector: Local
- Complexity: Low
- Published: 15/11/2017
- Modified: 29/05/2026
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published: 03/11/2021
- Modified: 20/12/2025
Reports (1)
- Report (title not extracted): 2 MITRE entities, 3 malware, 3 observables, 1 APT