Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 01:04:09 UTC
Home > List all groups > List all tools > List all groups using tool QuiteRAT
 Tool: QuiteRAT
Names
QuiteRAT
Acres
Category Malware
Type Backdoor
Description
(Talos) QuiteRAT is a fairly simple remote access trojan (RAT). It consists of a compact set of
statically linked Qt libraries along with some user-written code. The Qt framework is a
platform for developing cross-platform applications. However, it is immensely popular for
developing Graphical User Interface in applications. Although QuiteRAT, just like MagicRAT,
uses embedded Qt libraries, none of these implants have a Graphical User Interface. .As seen
with Lazarus Group’s MagicRAT malware, the use of Qt increases the code complexity,
making human analysis harder. Using Qt also makes machine learning and heuristic analysis
detection less reliable, since Qt is rarely used in malware development.
Based on QuiteRAT’s technical characteristics, including the usage of the Qt framework, we
assess that this implant belongs to the previously disclosed MagicRAT family. QuiteRAT was
briefly discussed in WithSecure’s report from early 2023. The new campaign we’re disclosing
exploited a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) — which has a
Kenna risk score of 100 out of 100 — to deploy QuiteRAT.
Information Malpedia Last change to this tool card: 13 October 2023
Download this tool card in JSON format
All groups using tool QuiteRAT
Changed Name Country Observed
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dd8d965b-57b6-4d45-89a5-a62ae4688b98
Page 1 of 2

APT groups
  Lazarus Group, Hidden Cobra, Labyrinth Chollima 2007-May 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dd8d965b-57b6-4d45-89a5-a62ae4688b98
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dd8d965b-57b6-4d45-89a5-a62ae4688b98
Page 2 of 2