Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 19:15:44 UTC
Home > List all groups > List all tools > List all groups using tool RDAT
 Tool: RDAT
Names
RDAT
GREYSTUFF
Category Malware
Type Backdoor, Tunneling
Description
(Palo Alto) The adversaries compiled the RDAT payloads used in the attacks on the
Middle Eastern telecommunications organization on March 1, 2020, and configured it to
use a domain provided on the command line or the hardcoded domain rsshay[.]com as
its C2 server. Unlike previous RDAT samples, this particular sample only uses DNS
tunneling for its C2 communications with no HTTP fallback channel. This RDAT
sample can only use TXT queries in its DNS tunnel.
Information
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022
Download this tool card in JSON format
All groups using tool RDAT
Changed Name Country Observed
APT groups
 OilRig, APT 34, Helix Kitten, Chrysene 2014-Sep 2024
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=52268b11-5917-4022-a87a-3cb14973ccb0
Page 1 of 2

1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=52268b11-5917-4022-a87a-3cb14973ccb0
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=52268b11-5917-4022-a87a-3cb14973ccb0
Page 2 of 2