Sakula RAT - Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 12:59:13 UTC

Tool: Sakula RAT

Names: Sakula RAT, Sakula, Sakurel, VIPER
Category: Malware
Type: Backdoor, Downloader, Exfiltration

Description: (SecureWorks) Sakula uses HTTP GET and POST communication for command and control (C2). Network communication is obfuscated with single-byte XOR encoding. Sakula also leverages single-byte XOR encoding to obfuscate various strings and files embedded in the resource section, which are subsequently used for User Account Control (UAC) bypass on both 32 and 64-bit systems.

Information: MITRE ATT&CK, Malpedia, AlienVault OTX

Last change to this tool card: 30 December 2022

All groups using tool Sakula RAT

APT groups (Name; Observed):
APT 31, Judgment Panda, Zirconium; 2016-Mar 2024
Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens; 2010-Oct 2018

2 groups listed (2 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=60bcd6ad-2ac9-4ca8-82d2-54b200d0b098