S1028Windows

S1028Action RAT

Platforms
1
ATT&CK
14.1
References
2

Description

[Action RAT](https://attack.mitre.org/software/S1028) is a remote access tool written in Delphi that has been used by [SideCopy](https://attack.mitre.org/groups/G1008) since at least December 2021 against Indian and Afghani government personnel.(Citation: MalwareBytes SideCopy Dec 2021) Documented platforms: Windows. Attributed to ATT&CK group: SideCopy. Catalogued in ATT&CK 14.1. 2 references curated.

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupSideCopyg1008100%live

References

  1. https://attack.mitre.org/software/S1028
  2. https://www.malwarebytes.com/blog/news/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
AuTo Stealer
Software
AsyncRAT
Software
PingPull
Software
BBSRAT
Group
SideCopy
Software
Bandook
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.