{ "id": "94afd5c0-dcb5-4641-b47a-cfd731ac8525", "created_at": "2026-04-06T00:06:37.02038Z", "updated_at": "2026-04-10T13:11:37.414225Z", "deleted_at": null, "sha1_hash": "7c1a324bd0e8ba7326f775a6602ef3b339a48fe5", "title": "Parallax RAT - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 45033, "plain_text": "Parallax RAT - Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 14:35:44 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Parallax RAT\r\n Tool: Parallax RAT\r\nNames\r\nParallax RAT\r\nParallaxRAT\r\nParallax\r\nCategory Malware\r\nType Backdoor\r\nDescription\r\n(Morphisec) Parallax is an advanced remote access trojan that supports all Windows OS\r\nversions. It is capable of bypassing advanced detection solutions, stealing credentials,\r\nexecuting remote commands, and has also been linked to several coronavirus malware\r\ncampaigns.\r\nParallax is mostly delivered through malicious spam campaigns with Microsoft word\r\ndocuments as the delivery vehicle of choice as will also be described in the following blog\r\npost.\r\nInformation \u003chttps://blog.morphisec.com/parallax-rat-active-status\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.parallax\u003e\r\nLast change to this tool card: 05 April 2022\r\nDownload this tool card in JSON format\r\nAll groups using tool Parallax RAT\r\nChanged Name Country Observed\r\nAPT groups\r\n  TA2541 [Unknown] 2017  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=545816d1-01d8-481f-be96-53676aea551c\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=545816d1-01d8-481f-be96-53676aea551c\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=545816d1-01d8-481f-be96-53676aea551c\r\nPage 2 of 2\n\nAPT groups TA2541 [Unknown] 2017\n1 group listed (1 APT, 0 other, 0 unknown) \n Page 1 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=545816d1-01d8-481f-be96-53676aea551c" ], "report_names": [ "listgroups.cgi?u=545816d1-01d8-481f-be96-53676aea551c" ], "threat_actors": [ { "id": "99468ac6-ccfd-4cd8-b726-791600e61431", "created_at": "2023-11-01T02:01:06.647272Z", "updated_at": "2026-04-10T02:00:05.313262Z", "deleted_at": null, "main_name": "TA2541", "aliases": [ "TA2541" ], "source_name": "MITRE:TA2541", "tools": [ "Snip3", "Revenge RAT", "jRAT", "WarzoneRAT", "Imminent Monitor", "AsyncRAT", "NETWIRE", "Agent Tesla", "njRAT" ], "source_id": "MITRE", "reports": null }, { "id": "97dc332f-2241-4755-ae33-54e5eff3990a", "created_at": "2023-01-06T13:46:39.307201Z", "updated_at": "2026-04-10T02:00:03.282272Z", "deleted_at": null, "main_name": "TA2541", "aliases": [], "source_name": "MISPGALAXY:TA2541", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "878ce40c-9fbc-4cff-a5c4-771086979fa7", "created_at": "2022-10-25T16:07:24.264056Z", "updated_at": "2026-04-10T02:00:04.915395Z", "deleted_at": null, "main_name": "TA2541", "aliases": [], "source_name": "ETDA:TA2541", "tools": [ "AVE_MARIA", "AgenTesla", "Agent Tesla", "AgentTesla", "AsyncRAT", "Ave Maria", "AveMariaRAT", "DarkRAT", "H-Worm", "H-Worm RAT", "Houdini", "Houdini RAT", "Hworm", "Imminent Monitor", "Imminent Monitor RAT", "Iniduoh", "Jenxcus", "Kognito", "Luminosity RAT", "LuminosityLink", "Negasteal", "NetWeird", "NetWire", "NetWire RAT", "NetWire RC", "NetWired RC", "Njw0rm", "Origin Logger", "Parallax", "Parallax RAT", "ParallaxRAT", "Recam", "Revenge RAT", "RevengeRAT", "Revetrat", "WSHRAT", "ZPAQ", "avemaria", "dinihou", "dunihi" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775433997, "ts_updated_at": 1775826697, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7c1a324bd0e8ba7326f775a6602ef3b339a48fe5.pdf", "text": "https://archive.orkl.eu/7c1a324bd0e8ba7326f775a6602ef3b339a48fe5.txt", "img": "https://archive.orkl.eu/7c1a324bd0e8ba7326f775a6602ef3b339a48fe5.jpg" } }