{
  "name": "From open-source to open threat: Tracking Chaos RAT\u2019s evolution",
  "slug": "from-open-source-to-open-threat-tracking-chaos-rats-evolution",
  "description": "Chaos RAT, an open-source remote administration tool written in Golang, has evolved since its first appearance in 2022. Recent variants have been identified in Linux and Windows attacks. The malware offers cross-platform compatibility and is being exploited by threat actors for malicious purposes. It provides an administrative panel for payload generation and control of compromised systems. The latest samples show improved encoding of configuration data and expanded capabilities. A critical vulnerability in Chaos RAT's web panel allowed attackers to execute remote code on the server. While overall usage remains limited, its low detection profile creates opportunities for espionage, data exfiltration, and establishing footholds for further attacks.",
  "published": "2025-06-06T09:02:59+00:00",
  "created_at": "2025-06-06T09:02:59+00:00",
  "modified_at": "2025-06-08T15:04:35+00:00",
  "created_at_opencti": "2025-06-06T09:02:59+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-06-06",
    "CVE-2024-30850",
    "CVE-2024-31839",
    "chaos rat",
    "cross-platform",
    "golang",
    "remote administration tool"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "176.65.141.63"
      },
      {
        "id": "",
        "name": "valhalla.nextron-systems.com"
      },
      {
        "id": "",
        "name": "blog.chebuya.com"
      },
      {
        "id": "",
        "name": "d0a63e059ed2c921c37c83246cdf4de0c8bc462b7c1d4b4ecd23a24196be7dd7"
      },
      {
        "id": "",
        "name": "c9694483c9fc15b2649359dfbd8322f0f6dd7a0a7da75499e03dbc4de2b23cad"
      },
      {
        "id": "",
        "name": "c8dc86afd1cd46534f4f9869efaa3b6b9b9a1efaf3c259bb87000702807f5844"
      },
      {
        "id": "",
        "name": "c39184aeb42616d7bf6daaddb9792549eb354076b4559e5d85392ade2e41763e"
      },
      {
        "id": "",
        "name": "a6307aad70195369e7ca5575f1ab81c2fd82de2fe561179e38933f9da28c4850"
      },
      {
        "id": "",
        "name": "a583bdf46f901364ed8e60f6aadd2b31be12a27ffccecc962872bc73a9ffd46c"
      },
      {
        "id": "",
        "name": "a51416ea472658b5530a92163e64cfa51f983dfabe3da38e0646e92fb14de191"
      },
      {
        "id": "",
        "name": "a364ec51aa9314f831bc498ddaf82738766ca83b51401f77dbd857ba4e32a53b"
      },
      {
        "id": "",
        "name": "90c8b7f89c8a23b7a056df8fd190263ca91fe4e27bda174a9c268adbfc5c0f04"
      },
      {
        "id": "",
        "name": "839b3a46abee1b234c4f69acd554e494c861dcc533bb79bd0d15b9855ae1bed7"
      },
      {
        "id": "",
        "name": "8c0606db237cfa33fa3fb99a56072063177b61fa2c8873ed6af712bba2dc56d9"
      },
      {
        "id": "",
        "name": "77962a384d251f0aa8e3008a88f206d6cb1f7401c759c4614e3bfe865e3e985c"
      },
      {
        "id": "",
        "name": "773c935a13ab49cc4613b30e8d2a75f1bde3b85b0bba6303eab756d70f459693"
      },
      {
        "id": "",
        "name": "719082b1e5c0d18cc0283e537215b53a864857ac936a0c7d3ddbaf7c7944cf79"
      },
      {
        "id": "",
        "name": "57f825a556330e94d12475f21c2245fa1ee15aedd61bffb55587b54e970f1aad"
      },
      {
        "id": "",
        "name": "67534c144a7373cacbd8f9bd9585a2b74ddbb03c2c0721241d65c62726984a0a"
      },
      {
        "id": "",
        "name": "44c54d9d0b8d4862ad7424c677a6645edb711a6d0f36d6e87d7bae7a2cb14d68"
      },
      {
        "id": "",
        "name": "2732fc2bb7b6413c899b6ac1608818e4ee9f0e5f1d14e32c9c29982eecd50f87"
      },
      {
        "id": "",
        "name": "080f56cea7acfd9c20fc931e53ea1225eb6b00cf2f05a76943e6cf0770504c64"
      },
      {
        "id": "",
        "name": "1e074d9dca6ef0edd24afb2d13ca4429def5fc5486cd4170c989ef60efd0bbb0"
      }
    ],
    "malware": [
      {
        "id": "7b0d0fc4-988f-45e7-b1f0-4fddd5dca624",
        "name": "Chaos RAT",
        "slug": "chaos-rat"
      }
    ],
    "attack_patterns": [
      {
        "id": "2ccc4626-0e86-4148-a5a8-2aa270e22dbd",
        "name": "T1588.001"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "fc699aef-8931-4a79-8f79-9651be9abd50",
        "name": "T1021"
      },
      {
        "id": "d9f271ed-7685-4362-b90d-f16a14102f39",
        "name": "T1489"
      },
      {
        "id": "926a888c-190c-4efb-ab6b-f9d7e6a0fc54",
        "name": "T1547"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "af9ed2e3-4663-4723-beab-c606ddc312e0",
        "name": "T1543"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "British Indian Ocean Territory"
      },
      {
        "id": "",
        "name": "India"
      }
    ]
  },
  "external_refs": [
    "https://www.acronis.com/en-us/cyber-protection-center/posts/from-open-source-to-open-threat-tracking-chaos-rats-evolution",
    "https://otx.alienvault.com/pulse/6842cae388c3c1ee6c4030be"
  ]
}