Threat Library

Win32.RAT.DarkVision

Last updated: September 10th, 2024

DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on hackforums for as little as $60. Written in C, C++, and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making it accessible even to low-skilled cybercriminals. DarkVision RAT’s availability on hackforums furthers its adoption among bad actors.

The RAT’s rise in popularity stems from its wide range of plugins, listed below:

  1. WebCam Capture.
  2. Message Viewer.
  3. Process Manager.
  4. Registry Editor.
  5. File Explorer.
  6. Screen Capture.
  7. Window Manager.
  8. System Control.
  9. Wallpaper Manager.
  10. Reverse Proxy.
  11. Dropper.
  12. Remote Shell.
  13. Microphone Capture.
  14. Keylogger.
  15. Password Stealer.
  16. Remote Access.
  17. MiniDump.
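
Engine: IPS (non-web)
Product: ZIA, ZPA + ZIA
Reference: Blog Post

Detection Details:

| Connection | Category | Detection ID | Severity | Score |
|------------|----------|--------------|----------|-------|
| Outbound   | BOTNET   | 5003644      | High     | 83    |
| Outbound   | BOTNET   | 5003643      | High     | 83    |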