APT / THREAT GROUP
SpankRAT
2
aliases
Last seen:May 8, 2026
Intelligence Profile
According to ANY.RUN, this RAT is written in Rust. SpankRAT communicates with its C2 over WebSockets and provides full remote access to the system. The full-featured variant supports 18 commands covering remote shell execution, file management (list/read/upload/delete/rename), process enumeration and killing, Windows service control (start/stop/restart), full registry CRUD, scheduled task manipulation, and software inventory.
Threat Analysis
SpankRAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
SpankRATwin.spank_rat
External Intelligence
Malpedia: win.spank_ratResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.