HOMETHREATSSpankRAT
APT / THREAT GROUP

SpankRAT

2
aliases
Last seen:May 8, 2026

Intelligence Profile

According to ANY.RUN, this RAT is written in Rust. SpankRAT communicates with its C2 over WebSockets and provides full remote access to the system. The full-featured variant supports 18 commands covering remote shell execution, file management (list/read/upload/delete/rename), process enumeration and killing, Windows service control (start/stop/restart), full registry CRUD, scheduled task manipulation, and software inventory.

Threat Analysis

SpankRAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

SpankRATwin.spank_rat

External Intelligence

Malpedia: win.spank_rat

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
SpankRAT — APT / Threat Group | Threat Intelligence | CTIWATCH.COM