Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-02 10:52:36 UTC

Tool: BitRAT

Names: BitRAT
Category: Malware
Type: Backdoor, Info stealer, Credential stealer, Keylogger

Description: (Krabs on Security) As is the case with most HF malware, BitRAT is best described as an amalgamation of poorly pasted leaked source code slapped together alongside a fancy C# GUI. It makes heavy use of libraries such as C++ Standard Library, Boost, OpenCV, and libcurl, as well as code copied directly from leaked malware source code or sites including StackOverflow. The choice of Camellia is somewhat unique; I have not seen this specific algorithm used in malware before.

Information: Malpedia

Last change to this tool card: 15 February 2023

All groups using tool BitRAT

APT groups

| Changed | Name | Country | Observed |
| --- | --- | --- | --- |
| | Blind Eagle | | 2018-Nov 2024 |
| | OPERA1ER | [Unknown] | 2016-Jul 2023 |

2 groups listed (2 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=041f9066-8f22-48b7-bb50-5d2ca3bf6410