Full Report
2025-04-14 • Morphisec • Nadav Lorber • win.resolver_rat
Analysis Summary
The source article description is extremely minimal: it lists only metadata about the identification of a new malware variant called **ResolverRAT**. The summary below follows the standard structure and is based *only* on that context clue, the name **ResolverRAT**. Because the article's actual technical content is missing, many fields are placeholders or speculative.
# Tool/Technique: ResolverRAT
## Overview
ResolverRAT is a newly identified malware variant, likely a Remote Access Trojan (RAT), documented as entering circulation as of April 2025.
## Technical Details
- Type: Malware family
- Platform: Likely Windows (inferred from the Malpedia reference `win.resolver_rat`)
- Capabilities: Assumed to include remote control and data exfiltration typical of a RAT.
- First Seen: April 14, 2025 (based on article date)
## MITRE ATT&CK Mapping
*(Specific mappings require detailed analysis of the variant's behavior, which is not present in the context. Below are common tactics for Remote Access Trojans.)*
- TA0001 - Initial Access
- TA0005 - Defense Evasion
  - T1027 - Obfuscated Files or Information
- TA0011 - Command and Control
  - T1071 - Application Layer Protocol
## Functionality
### Core Capabilities
- Remote Access and Control (Inferred from 'RAT' designation)
### Advanced Features
- (Unknown based on context)
## Indicators of Compromise
- File Hashes
- File Names
- Registry Keys
- Network Indicators: (None provided)
- Behavioral Indicators: (None provided)
## Associated Threat Actors
- (Unknown based on context)
## Detection Methods
- (Requires analysis of the specific variant's code)
## Mitigation Strategies
- Standard anti-malware solutions focusing on endpoint detection and response (EDR).
- Strict network monitoring for anomalous outbound connections.
## Related Tools/Techniques
- Other Remote Access Trojans (e.g., Gh0st RAT, NanoCore RAT)