APT / THREAT GROUP

vanillarat

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

Description:

VanillaRat is an advanced remote administration tool written in C#. It uses the Telepathy TCP networking library, the dnlib module reading and writing library, and the Costura.Fody DLL embedding library.

Features:

Remote Desktop Viewer (With remote click)

File Browser (Including downloading, drag and drop uploading, and file opening)

Process Manager

Computer Information

Hardware Usage Information (CPU usage, disk usage, available RAM)

Message Box Sender

Text To Speech

Screen Locker

Live Keylogger (Also shows current window)

Website Opener

Application Permission Raiser (Normal -> Admin)

Clipboard Text (Copied text)

Chat (Does not allow for client to close form)

Audio Recorder (Microphone)

Process Killer (Task manager, etc.)

Remote Shell

Startup

Security Blacklist (Drag a client into the list if you don't want its connection. Press the Del key on a client to remove it from the list)

Threat Analysis

vanillarat is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

vanillarat, win.vanillarat

External Intelligence

Malpedia: win.vanillarat

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.