{ "id": "4f6e4a8b-1bc1-4244-9bf3-d8b0cd9b2883", "created_at": "2026-04-06T00:17:49.962321Z", "updated_at": "2026-04-10T03:35:20.341396Z", "deleted_at": null, "sha1_hash": "9748c11f187ad1edcd3cbddc69bf09587adda0a4", "title": "Imminent Monitor RAT - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 50744, "plain_text": "Imminent Monitor RAT - Threat Group Cards: A Threat Actor\nEncyclopedia\nArchived: 2026-04-05 21:08:04 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Imminent Monitor RAT\n Tool: Imminent Monitor RAT\nNames\nImminent Monitor RAT\nImminent Monitor\nCategory Tools\nType Backdoor, Info stealer, Credential stealer\nDescription\n(Palo Alto) A RAT offered for sale since 2012.\nThe ImminentMonitor Client Control Panel offers a clean, easy-to-use interface to build\nand control ImminentMonitor client malware. As well as the full Remote Desktop access\nof any RAT, features less noticeable by the victim include:\n• File manager\n• Process manager\n• Window manager\n• Clipboard manager\n• Registry manager\n• Startup manager\n• Command prompt\n• TCP connection\n• Remote webcam monitoring\n• Remote microphone monitoring\n• Password recovery\nInformation\nMalpedia AlienVault OTX https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b9236211-46f9-4e2c-89ca-a1fed4f2ea04\nPage 1 of 2\n\nLast change to this tool card: 13 May 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Imminent Monitor RAT\r\nChanged Name Country Observed\r\nAPT groups\r\n  Blind Eagle 2018-Nov 2024  \r\n  TA2541 [Unknown] 2017  \r\n2 groups listed (2 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b9236211-46f9-4e2c-89ca-a1fed4f2ea04\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b9236211-46f9-4e2c-89ca-a1fed4f2ea04\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b9236211-46f9-4e2c-89ca-a1fed4f2ea04" ], "report_names": [ "listgroups.cgi?u=b9236211-46f9-4e2c-89ca-a1fed4f2ea04" ], "threat_actors": [ { "id": "98b22fd7-bf1b-41a6-b51c-0e33a0ffd813", "created_at": "2022-10-25T15:50:23.688973Z", "updated_at": "2026-04-10T02:00:05.390055Z", "deleted_at": null, "main_name": "APT-C-36", "aliases": [ "APT-C-36", "Blind Eagle" ], "source_name": "MITRE:APT-C-36", "tools": [ "Imminent Monitor" ], "source_id": "MITRE", "reports": null }, { "id": "99468ac6-ccfd-4cd8-b726-791600e61431", "created_at": "2023-11-01T02:01:06.647272Z", "updated_at": "2026-04-10T02:00:05.313262Z", "deleted_at": null, "main_name": "TA2541", "aliases": [ "TA2541" ], "source_name": "MITRE:TA2541", "tools": [ "Snip3", "Revenge RAT", "jRAT", "WarzoneRAT", "Imminent Monitor", "AsyncRAT", "NETWIRE", "Agent Tesla", "njRAT" ], "source_id": "MITRE", "reports": null }, { "id": "97dc332f-2241-4755-ae33-54e5eff3990a", "created_at": "2023-01-06T13:46:39.307201Z", "updated_at": "2026-04-10T02:00:03.282272Z", "deleted_at": null, "main_name": "TA2541", "aliases": [], "source_name": "MISPGALAXY:TA2541", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "be597b07-0cde-47bc-80c3-790a8df34af4", "created_at": "2022-10-25T16:07:23.407484Z", "updated_at": "2026-04-10T02:00:04.58656Z", "deleted_at": null, "main_name": "Blind Eagle", "aliases": [ "APT-C-36", "APT-Q-98", "AguilaCiega", "G0099" ], "source_name": "ETDA:Blind Eagle", "tools": [ "AsyncRAT", "BitRAT", "Bladabindi", "BlotchyQuasar", "Imminent Monitor", "Imminent Monitor RAT", "Jorik", "LimeRAT", "Remcos", "RemcosRAT", "Remvio", "Socmer", "Warzone", "Warzone RAT", "njRAT" ], "source_id": "ETDA", "reports": null }, { "id": "878ce40c-9fbc-4cff-a5c4-771086979fa7", "created_at": "2022-10-25T16:07:24.264056Z", "updated_at": "2026-04-10T02:00:04.915395Z", "deleted_at": null, "main_name": "TA2541", "aliases": [], "source_name": "ETDA:TA2541", "tools": [ "AVE_MARIA", "AgenTesla", "Agent Tesla", "AgentTesla", "AsyncRAT", "Ave Maria", "AveMariaRAT", "DarkRAT", "H-Worm", "H-Worm RAT", "Houdini", "Houdini RAT", "Hworm", "Imminent Monitor", "Imminent Monitor RAT", "Iniduoh", "Jenxcus", "Kognito", "Luminosity RAT", "LuminosityLink", "Negasteal", "NetWeird", "NetWire", "NetWire RAT", "NetWire RC", "NetWired RC", "Njw0rm", "Origin Logger", "Parallax", "Parallax RAT", "ParallaxRAT", "Recam", "Revenge RAT", "RevengeRAT", "Revetrat", "WSHRAT", "ZPAQ", "avemaria", "dinihou", "dunihi" ], "source_id": "ETDA", "reports": null }, { "id": "bd43391b-b835-4cb3-839a-d830aa1a3410", "created_at": "2023-01-06T13:46:38.925525Z", "updated_at": "2026-04-10T02:00:03.147197Z", "deleted_at": null, "main_name": "APT-C-36", "aliases": [ "Blind Eagle" ], "source_name": "MISPGALAXY:APT-C-36", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434669, "ts_updated_at": 1775792120, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/9748c11f187ad1edcd3cbddc69bf09587adda0a4.pdf", "text": "https://archive.orkl.eu/9748c11f187ad1edcd3cbddc69bf09587adda0a4.txt", "img": "https://archive.orkl.eu/9748c11f187ad1edcd3cbddc69bf09587adda0a4.jpg" } }