PoetRAT
MITRE
Malware type:
Other
First activity:
Unknown
Last activity:
Unknown
Details:
[PoetRAT](https://attack.mitre.org/software/S0428) is a remote access trojan (RAT) that was first identified in April 2020. [PoetRAT](https://attack.mitre.org/software/S0428) has been used in multiple campaigns against the private and public sectors in Azerbaijan, including ICS and SCADA systems in the energy sector. The STIBNITE activity group has been observed using the malware. [PoetRAT](https://attack.mitre.org/software/S0428) derived its name from references in the code to poet William Shakespeare. (Citation: Talos PoetRAT April 2020)(Citation: Talos PoetRAT October 2020)(Citation: Dragos Threat Report 2020)
Associated Techniques (35)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1003.001 | LSASS Memory | - |
| T1018 | Remote System Discovery | - |
| T1027 | Obfuscated Files or Information | - |
| T1027.010 | Command Obfuscation | - |
| T1033 | System Owner/User Discovery | - |
| T1041 | Exfiltration Over C2 Channel | - |
| T1048 | Exfiltration Over Alternative Protocol | - |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | - |
| T1056.001 | Keylogging | - |
| T1057 | Process Discovery | - |
| T1059.003 | Windows Command Shell | - |
| T1059.005 | Visual Basic | - |
| T1059.006 | Python | - |
| T1059.011 | Lua | - |
| T1070.004 | File Deletion | - |
Metadata
| ID: | 567 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 04:00 |