RAT Archives - Unit42

NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT

Reaper Group uses custom malware family called DOGCALL to deploy RAT. Get the full report.

By Josh Grunzweig
October 1, 2018 at 8:00 AM

Say “Cheese”: WebMonitor RAT Comes with C2-as-a-Service (C2aaS)

Unit 42 uncovers a new(ish) fully-featured Remote Access Tool (RAT), with web-based Command-and-Control (C2) included

By Mike Harbison and Simon Conant
April 13, 2018 at 5:00 AM

EITest: HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware

Unit 42 uncovers HoeflerText popups delivering RAT malware to Google Chrome users.

By Brad Duncan
September 1, 2017 at 5:00 AM

Updated KHRAT Malware Used in Cambodia Attacks

Unit 42 recently observed Remote Access Trojan KHRAT activity targeting the citizens of Cambodia.

By Alex Hinchliffe and Jen Miller-Osborn
August 31, 2017 at 5:00 AM

Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations

Troichilus and MoonWind RATS used to target utility and other organizations in Thailand.

By Jen Miller-Osborn and Josh Grunzweig
March 30, 2017 at 5:00 AM

Orcus – Birth of an unusual plugin builder RAT

Unit 42 has been tracking a new Remote Access Trojan (RAT) being sold for $40 USD since April 2016, known as “Orcus”. Though Orcus has all the typical features of RAT malware, it allows users to build custom plugins and also has a modular architecture for better management and scalability. The objective of this blog

By Vicky Ray
August 2, 2016 at 1:00 PM

SpyNote Android Trojan Builder Leaked

Our team recently discovered a new Android Trojan called SpyNote which facilitates remote spying. The builder, which creates new versions of the malware, recently leaked on several malware discussion forums. SpyNote is similar to OmniRat and DroidJack, which are RATs (remote administration tools) that allow malware owners to gain remote administrative control of an Android

By Jacob Soo
July 28, 2016 at 1:40 PM

Investigating the LuminosityLink Remote Access Trojan Configuration

In recent weeks, I’ve spent time investigating the LuminosityLink Remote Access Trojan’s (RAT) embedded configuration. For those unaware, LuminosityLink is a malware family costing $40 that purports to be a system administration utility. However, when executed, the malware leverages a very aggressive keylogger, as well as a number of other malicious features that allow an

By Josh Grunzweig
July 8, 2016 at 5:00 AM

Bookworm Trojan: A Model of Modular Architecture

Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that initially appeared to be a variant of the well-known PlugX RAT based on similar observed behavior such as the usage of DLL side-loading and a shellcode file. After closer inspection, it appears to be a completely distinct Trojan, which we have

By Robert Falcone, Mike Scott and Juan Cortes
November 10, 2015 at 11:00 AM

Listen: How Evolved 419 Scammers Are Targeting the Enterprise

Unit 42, the Palo Alto Networks threat intelligence team, will be appearing on a live webcast and Q&A with Dark Reading tomorrow, Thursday, August 28 at 2:00 p.m. EDT.

By Chad Berndtson
August 27, 2014 at 5:00 AM

Unit 42: A New Era In Threat Intelligence

Today we would like to officially introduce our new threat intelligence team, Unit 42, and announce the release of our first research paper, 419 Evolution. Unit 42 uses data collected from the Palo Alto Networks security platform to provide context into an attacker’s motivations and methods. Using our Critical Intelligence Requirements developed by our leadership, we

By Ryan Olson
July 22, 2014 at 5:30 AM

Posts tagged with: RAT