HOMETHREATSEpicSplit RAT
APT / THREAT GROUP

EpicSplit RAT

Internal ID: jar.epicsplit
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

EpicSplit RAT is a multiplatform Java RAT that is capable of running shell commands, downloading, uploading, and executing files, manipulating the file system, establishing persistence, taking screenshots, and manipulating keyboard and mouse events. EpicSplit is typically obfuscated with the commercial Allatori Obfuscator software. One unique feature of the malware is that TCP messages sent by EpicSplit RAT to its C2 are terminated with the string "_packet_" as a packet delimiter.

Threat Analysis

EpicSplit RAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases1

Also Known As

jar.epicsplit

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
EpicSplit RAT — APT / Threat Group | Threat Intelligence | CTIWATCH.COM