NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT
Reaper Group uses custom malware family called DOGCALL to deploy RAT. Get the full report.
Posts tagged with: RAT
Say “Cheese”: WebMonitor RAT Comes with C2-as-a-Service (C2aaS)
Unit 42 uncovers a new(ish) fully-featured Remote Access Tool (RAT), with web-based Command-and-Control (C2) included
EITest: HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware
Unit 42 uncovers HoeflerText popups delivering RAT malware to Google Chrome users.
Get updates on Unit 42
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Updated KHRAT Malware Used in Cambodia Attacks
Unit 42 recently observed Remote Access Trojan KHRAT activity targeting the citizens of Cambodia.
Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations
Troichilus and MoonWind RATS used to target utility and other organizations in Thailand.
Orcus – Birth of an unusual plugin builder RAT
Unit 42 has been tracking a new Remote Access Trojan (RAT) being sold for $40 USD since April 2016, known as “Orcus”. Though Orcus has all the typical features of RAT malware, it allows users to build custom plugins and also has a modular architecture for better management and scalability. The objective of this blog
SpyNote Android Trojan Builder Leaked
Our team recently discovered a new Android Trojan called SpyNote which facilitates remote spying. The builder, which creates new versions of the malware, recently leaked on several malware discussion forums. SpyNote is similar to OmniRat and DroidJack, which are RATs (remote administration tools) that allow malware owners to gain remote administrative control of an Android
Investigating the LuminosityLink Remote Access Trojan Configuration
In recent weeks, I’ve spent time investigating the LuminosityLink Remote Access Trojan’s (RAT) embedded configuration. For those unaware, LuminosityLink is a malware family costing $40 that purports to be a system administration utility. However, when executed, the malware leverages a very aggressive keylogger, as well as a number of other malicious features that allow an
Bookworm Trojan: A Model of Modular Architecture
Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that initially appeared to be a variant of the well-known PlugX RAT based on similar observed behavior such as the usage of DLL side-loading and a shellcode file. After closer inspection, it appears to be a completely distinct Trojan, which we have
Listen: How Evolved 419 Scammers Are Targeting the Enterprise
Unit 42, the Palo Alto Networks threat intelligence team, will be appearing on a live webcast and Q&A with Dark Reading tomorrow, Thursday, August 28 at 2:00 p.m. EDT.
Unit 42: A New Era In Threat Intelligence
Today we would like to officially introduce our new threat intelligence team, Unit 42, and announce the release of our first research paper, 419 Evolution. Unit 42 uses data collected from the Palo Alto Networks security platform to provide context into an attacker’s motivations and methods. Using our Critical Intelligence Requirements developed by our leadership, we