Malware: Action RAT

Description

[Action RAT](https://attack.mitre.org/software/S1028) is a remote access tool written in Delphi that has been used by [SideCopy](https://attack.mitre.org/groups/G1008) since at least December 2021 against Indian and Afghani government personnel.(Citation: MalwareBytes SideCopy Dec 2021)

External References

• mitre-attack
• MalwareBytes SideCopy Dec 2021

Techniques Used by This Malware

• T1005 — Data from Local System
• T1016 — System Network Configuration Discovery
• T1027 — Obfuscated Files or Information
• T1033 — System Owner/User Discovery
• T1047 — Windows Management Instrumentation
• T1059.003 — Windows Command Shell
• T1071.001 — Web Protocols
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1140 — Deobfuscate/Decode Files or Information
• T1518.001 — Security Software Discovery

APT Groups Using This Malware

• SideCopy