Inside Different Generations of RATs
Introduction
This page is the central hub for my series “Inside Different Generations of RATs”, documenting and analyzing the evolution of remote access tools (RATs) across different time periods.
The series aims to:
- Understand how RAT architectures evolved
- Analyze implementation details through reverse engineering
- Identify design patterns, limitations, and security implications
This page will be continuously updated as new research is added.
Families
Articles
The table below lists all articles in this series analyzing various remote access tools.
It will be updated continuously as new research is published.
| RAT | Article |
|---|---|
| Why I started this series | Inside Different Generations of RATs |
| NetBus | Analyzing NetBus |
| Back Orifice | Analyzing BackOrifice |
| Sub7 | Analyzing Sub7 |
| ProRat | Analyzing ProRat |
| Beast | Analyzing BeastDoor |
| Poison Ivy | Analyzing Poison Ivy |
| DarkComet | Analyzing DarkComet |
| Conclusion (1990s-2000s) | Inside Different Generations of RATs (1990s-2000s) |
| Gh0st RAT Beta 2.5-3.6 | Analyzing Gh0st RAT Beta 2.5-3.6 |
| njRAT v0.7d | Analyzing njRAT v0.7d |
| njRAT v0.9d | Analyzing njRAT v0.9d |
| njRAT Lime/Green Edition | Analyzing njRAT Lime and Green Edition |
Roadmap
Planned analysis in this series includes:
- njRAT Family
- Gh0st RAT Family
- Quasar RAT
- AsyncRAT
- Remcos RAT
- Agent Tesla
Future articles will focus on more modern RATs and their advanced techniques.
Supplementary
Tutorials for Malware Analysis
- How to Setup Your Experimental Environment for Malware Analysis
- Installing VMware Tools on Windows XP and Windows 95 with VMware WorkStation 17
THANKS FOR READING