Ratty is an open source Java RAT, made available on GitHub and promoted heavily on HackForums.
In June 2020, a new variant of Ratty was found to be exploiting a spoofing vulnerability (CVE-2020-1464) that security researchers discovered in 2018 and that threat actors exploited for two years. The vulnerability allowed an attacker to take a clean MSI file digitally signed by Microsoft, Google, etc. and append a malicious JAR file to it without impacting or changing the file's signature.
| Enterprise | VT0036 | Exploitation for Defense Evasion | The Ratty 2020 variant exploited a spoofing vulnerability (CVE-2020-1464) in Windows that allowed a malicious JAR file to be appended to a clean MSI file signed by Microsoft or Google without impacting or changing the digital signature. |
| Enterprise | VT0016.002 | Subvert Trust Controls: Code Signing | Ratty uses a spoofing vulnerability (CVE-2020-1464) in Windows to distribute malicious files that are signed by Microsoft, Google, etc. and appear legitimate. |
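A defender-side triage check for the MSI-plus-JAR files described above, added here as an example and not taken from Ratty or from any vendor tool: it flags a file that starts with the OLE compound-file header used by MSI and also ends with a valid ZIP end-of-central-directory record, which is where a JAR is parsed from. The function names and the sample bytes are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file header used by MSI
EOCD_SIG = b"PK\x05\x06"                        # ZIP end-of-central-directory record
EOCD_MIN = 22                                   # EOCD size with an empty comment
EOCD_WINDOW = EOCD_MIN + 0xFFFF                 # EOCD plus the largest possible comment


def find_appended_zip(data: bytes):
    """Return ZIP/JAR details if an MSI-style file carries a ZIP at its tail, else None."""
    if not data.startswith(CFB_MAGIC):
        return None
    tail_start = max(0, len(data) - EOCD_WINDOW)
    pos = data.rfind(EOCD_SIG, tail_start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            entries, cd_size, _cd_offset, comment_len = struct.unpack_from(
                "<HIIH", data, pos + 10)
            # A genuine EOCD accounts exactly for the bytes that follow it.
            if pos + EOCD_MIN + comment_len == len(data) and cd_size <= pos:
                try:
                    names = zipfile.ZipFile(io.BytesIO(data)).namelist()
                except zipfile.BadZipFile:
                    names = []
                return {"eocd_offset": pos, "entries": entries, "names": names,
                        "looks_like_jar": "META-INF/MANIFEST.MF" in names}
        # Keep scanning backwards past a false-positive signature match.
        pos = data.rfind(EOCD_SIG, tail_start, pos)
    return None


def constructed_samples():
    """Constructed bytes only: a fake compound-file header, with and without a ZIP tail."""
    clean = CFB_MAGIC + b"\x00" * 4096
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return clean, clean + buf.getvalue()


if __name__ == "__main__":
    for label, blob in zip(("clean", "glued"), constructed_samples()):
        print(label, find_appended_zip(blob))
```

A hit is a heuristic for triage: it shows the file parses as both container formats, not that the appended archive is malicious.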
Created: 09 May 2021
Last Modified: 09 May 2021