Malware: ObliqueRAT

Description

[ObliqueRAT](https://attack.mitre.org/software/S0644) is a remote access trojan, similar to [Crimson](https://attack.mitre.org/software/S0115), that has been in use by [Transparent Tribe](https://attack.mitre.org/groups/G0134) since at least 2020.(Citation: Talos Oblique RAT March 2021)(Citation: Talos Transparent Tribe May 2021)

External References

• mitre-attack
• Talos Oblique RAT March 2021
• Talos Transparent Tribe May 2021

Techniques Used by This Malware

• T1025 — Data from Removable Media
• T1027.003 — Steganography
• T1030 — Data Transfer Size Limits
• T1033 — System Owner/User Discovery
• T1057 — Process Discovery
• T1074.001 — Local Data Staging
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1113 — Screen Capture
• T1120 — Peripheral Device Discovery
• T1125 — Video Capture
• T1204.001 — Malicious Link
• T1497.001 — System Checks
• T1547.001 — Registry Run Keys / Startup Folder

APT Groups Using This Malware

• Transparent Tribe