Skip to content

Hide Navigation Hide TOC

Sakula (3eca2d5f-41bf-4ad4-847f-df18befcdc44)

The RAT, which according to compile timestamps first surfaced in November 2012, has been used in targeted intrusions through 2015. Sakula enables an adversary to run interactive commands as well as to download and execute additional components.

Cluster A Galaxy A Cluster B Galaxy B Level
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Sakula (3eca2d5f-41bf-4ad4-847f-df18befcdc44) RAT 1
Sakula (3eca2d5f-41bf-4ad4-847f-df18befcdc44) RAT Sakula (f6c137f0-979c-4ce2-a0e5-2a080a5a1746) Tool 1
Sakula (3eca2d5f-41bf-4ad4-847f-df18befcdc44) RAT Sakula RAT (e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b) Malpedia 1
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Sakula (f6c137f0-979c-4ce2-a0e5-2a080a5a1746) Tool 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Sakula RAT (e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b) Malpedia 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Sakula - S0074 (96b08451-b27a-4ff6-893f-790e26393a8e) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 2
Sakula (f6c137f0-979c-4ce2-a0e5-2a080a5a1746) Tool Sakula RAT (e88eb9b1-dc8b-4696-8dcf-0c29924d0f8b) Malpedia 2
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 3
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 3
Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 3