From open-source to open threat: Tracking Chaos RAT’s evolution

June 8, 2025, 5:04 p.m.

Description

Chaos RAT, an open-source remote administration tool written in Golang, has evolved since its first appearance in 2022. Recent variants have been identified in attacks against Linux and Windows systems. The tool is cross-platform, and threat actors are abusing it for malicious purposes. It provides an administrative panel for payload generation and control of compromised systems. The latest samples show improved encoding of configuration data and expanded capabilities. A critical vulnerability in Chaos RAT's web panel allowed attackers to achieve remote code execution on the server. While overall usage remains limited, its low detection profile creates opportunities for espionage, data exfiltration, and establishing footholds for further attacks.

Date

  • Created: June 6, 2025, 11:02 a.m.
  • Published: June 6, 2025, 11:02 a.m.
  • Modified: June 8, 2025, 5:04 p.m.

Indicators


Attack Patterns

Additional Information

  • British Indian Ocean Territory
  • India