CRAT wants to plunder your endpoints
By Asheer Malhotra. Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. One of the plugins is a ransomware known as “Hansom.” CRAT has been attributed to the Lazarus […]
The Wolf Is Back…
Cisco Talos has discovered a new Android malware based on a leak of the DenDroid malware family. We named this malware “WolfRAT” due to strong links between this malware (and the command and control (C2) infrastructure) and Wolf Research, an infamous organization that developed interception and espionage-based malware and was publicly described by CSIS during VirusBulletin […]
PoetRAT Uses Covid-19 Lures To Attack Azerbajian
Cisco Talos has discovered a new malware campaign based on a previously unknown family we’re calling “PoetRAT.” At this time, we do not believe this attack is associated with an already known threat actor. Our research shows the malware was distributed using URLs that mimic some Azerbaijan government domains, thus we believe the adversaries in […]
JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
Today, Cisco Talos is unveiling the details of a new RAT we have identified we’re calling “JhoneRAT.” This new RAT is dropped to the victims via malicious Microsoft Office documents. The dropper, along with the Python RAT, attempts to gather information on the victim’s machine and then uses multiple cloud services: Google Drive, Twitter, ImgBB […]
Remote Access Trojans
You’re working for a high-profile technology company, close to releasing a market-changing product to the public. It’s a highly contested space, with many competitors, both domestic and international. There’s also...
How Tortoiseshell created a fake veteran hiring website to host malware
Cisco Talos discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. Symantec had previously identified the actor as Tortoiseshell.
RAT Ratatouille – Backdooring PCs with leaked RATs
Orcus RAT and RevengeRAT are two of the most popular remote access trojans (RATs) in use across the threat landscape. Since its emergence in 2016, various adversaries used RevengeRAT to...
ExileRAT shares C2 with LuckyCat, targets Tibet
Cisco Talos recently observed a malware campaign delivering malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representing the Tibetan government-in-exile....
DNSpionage Campaign Targets Middle East
DNSpionage Campaign Targets Middle East This blog post was authored by Warren Mercer and Paul Rascagneres. Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United...