Skip to content

S0065 4H RAT

4H RAT is malware that has been used by Putter Panda since at least 2007. 1

Item Value
ID S0065
Associated Names
Type MALWARE
Version 1.1
Created 31 May 2017
Last Modified 30 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1071 Application Layer Protocol -
enterprise T1071.001 Web Protocols 4H RAT uses HTTP for command and control.1
enterprise T1059 Command and Scripting Interpreter -
enterprise T1059.003 Windows Command Shell 4H RAT has the capability to create a remote shell.1
enterprise T1573 Encrypted Channel -
enterprise T1573.001 Symmetric Cryptography 4H RAT obfuscates C2 communication using a 1-byte XOR with the key 0xBE.1
enterprise T1083 File and Directory Discovery 4H RAT has the capability to obtain file and directory listings.1
enterprise T1057 Process Discovery 4H RAT has the capability to obtain a listing of running processes (including loaded modules).1
enterprise T1082 System Information Discovery 4H RAT sends an OS version identifier in its beacons.1

Groups That Use This Software

ID Name References
G0024 Putter Panda 1

References