Description
[Woody RAT](https://attack.mitre.org/software/S1065) is a remote access trojan (RAT) that has been used since at least August 2021 against Russian organizations.(Citation: MalwareBytes WoodyRAT Aug 2022)
External References
Techniques Used by This Malware
- T1005 — Data from Local System
- T1012 — Query Registry
- T1016 — System Network Configuration Discovery
- T1016.001 — Internet Connection Discovery
- T1027.013 — Encrypted/Encoded File
- T1033 — System Owner/User Discovery
- T1041 — Exfiltration Over C2 Channel
- T1055 — Process Injection
- T1055.012 — Process Hollowing
- T1057 — Process Discovery
- T1059.001 — PowerShell
- T1059.003 — Windows Command Shell
- T1070.004 — File Deletion
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1083 — File and Directory Discovery
- T1087 — Account Discovery
- T1105 — Ingress Tool Transfer
- T1106 — Native API
- T1113 — Screen Capture
- T1140 — Deobfuscate/Decode Files or Information
- T1203 — Exploitation for Client Execution
- T1204.002 — Malicious File
- T1518 — Software Discovery
- T1518.001 — Security Software Discovery
- T1562.006 — Indicator Blocking
- T1566.001 — Spearphishing Attachment
- T1573.001 — Symmetric Cryptography
- T1573.002 — Asymmetric Cryptography