APT33 (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

APT33 (Back to overview)

aka: APT 33, ATK35, COBALT TRINITY, Elfin, G0064, HOLMIUM, MAGNALLIUM, Peach Sandstorm, Refined Kitten, TA451

Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.

Associated Families

ps1.powerton win.filerase win.powerband win.pupy win.dropshot win.shapeshift win.turnedup win.netwire win.poshc2 win.darkcomet win.nanocore win.quasar_rat win.remcos

References

2025-04-17 ⋅ Proofpoint ⋅ Greg Lesnewich, Josh Miller, Mark Kelly, Saher Naumaan
Around the World in 90 Days: State-Sponsored Actors Try ClickFix
Quasar RAT

2025-04-03 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Threat actors leverage tax season to deploy tax-themed phishing campaigns
Brute Ratel C4 CloudEyE Latrodectus Remcos

2025-03-28 ⋅ Cisco Talos ⋅ Guilherme Venere
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Remcos

2025-03-28 ⋅ Intrinsec ⋅ David Sardinha
From espionage to PsyOps: Tracking operations and bulletproof providers of UACs in 2025
sLoad NetSupportManager RAT Remcos SmokeLoader

2025-03-13 ⋅ Securonix ⋅ Den Iyzvyk, Tim Peck
Analyzing OBSCURE#BAT Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits
Quasar RAT r77

2025-03-11 ⋅ The Hacker News ⋅ Ravie Lakshmanan
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
AsyncRAT NjRAT Quasar RAT Remcos

2025-03-10 ⋅ Check Point Research ⋅ Check Point Research
Blind Eagle: …And Justice for All
Remcos

2025-03-04 ⋅ ⋅ Genians ⋅ Genians
Analysis of Kimsuky Group association with emergency martial arts-themed APT attack
Quasar RAT

2025-02-27 ⋅ Medium b.magnezi ⋅ 0xMrMagnezi
NanoCore Malware Analysis
Nanocore RAT

2025-02-24 ⋅ Kaspersky Labs ⋅ Georgy Kucherin, João Godinho
The GitVenom campaign: cryptocurrency theft using GitHub
AsyncRAT Quasar RAT

2025-02-21 ⋅ SonicWall ⋅ SonicWall
Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered
Remcos

2025-01-30 ⋅ Recorded Future ⋅ Insikt Group
TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base
Rhysida KongTuke MintsLoader Broomstick Remcos Rhysida WarmCookie

2025-01-10 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update July to December 2024
Coper FluBot Hook Mirai FAKEUPDATES AsyncRAT BianLian Brute Ratel C4 Cobalt Strike DanaBot DCRat Havoc Latrodectus NjRAT Quasar RAT RedLine Stealer Remcos Rhadamanthys Sliver Stealc

2025-01-03 ⋅ Nimantha Deshappriya
RATs on the island (Remote Access Trojans in Sri Lanka's Cybersecurity Landscape)
AsyncRAT Quasar RAT Remcos

2024-12-12 ⋅ Elastic ⋅ Daniel Stepanic, Elastic Security Labs, Jia Yu Chan, Salim Bitam, Seth Goodwin
Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite
Gosar Quasar RAT SADBRIDGE

2024-11-08 ⋅ Fortinet ⋅ Xiaopeng Zhang
New Campaign Uses Remcos RAT to Exploit Victims
Remcos

2024-10-23 ⋅ ANY.RUN ⋅ ANY.RUN, Mostafa ElSheimy
DarkComet RAT: Technical Analysis of Attack Chain
DarkComet

2024-09-05 ⋅ Zscaler ⋅ Gaetano Pellegrino
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar
Quasar RAT

2024-09-03 ⋅ Twitter (@embee_research) ⋅ Embee_research
Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control
Nanocore RAT

2024-08-14 ⋅ cyble ⋅ Cyble
Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign
pupy UTG-Q-010

2024-07-29 ⋅ loginsoft ⋅ Saharsh Agrawal
Blue Screen Mayhem: When CrowdStrike's Glitch Became Threat Actor's Playground
Daolpu HijackLoader Remcos

2024-07-09 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update January to June 2024
Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver

2024-06-06 ⋅ Medium b.magnezi ⋅ 0xMrMagnezi
Remcos RAT Analysis
Remcos

2024-05-14 ⋅ Check Point Research ⋅ Antonis Terefos, Tera0017
Foxit PDF “Flawed Design” Exploitation
Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm

2024-05-10 ⋅ Elastic ⋅ Cyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Four
Remcos

2024-05-03 ⋅ Elastic ⋅ Cyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Three
Remcos

2024-04-30 ⋅ Elastic ⋅ Cyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Two
Remcos

2024-04-24 ⋅ Elastic ⋅ Cyril François, Samir Bousseaden
Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part One
Remcos

2024-04-15 ⋅ Positive Technologies ⋅ Aleksandr Badaev, Kseniya Naumova
SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world
LokiBot 404 Keylogger Agent Tesla CloudEyE Formbook Remcos XWorm

2024-04-11 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
Rat King Configuration Parser
AsyncRAT DCRat Quasar RAT Venom RAT

2024-03-26 ⋅ K7 Security ⋅ Vigneshwaran P
Unknown TTPs of Remcos RAT
Remcos

2024-02-28 ⋅ Security Intelligence ⋅ Golo Mühr, Ole Villadsen
X-Force data reveals top spam trends, campaigns and senior superlatives in 2023
404 Keylogger Agent Tesla Black Basta DarkGate Formbook IcedID Loki Password Stealer (PWS) Pikabot QakBot Remcos

2024-02-21 ⋅ Medium b.magnezi ⋅ 0xMrMagnezi
Malware Analysis — Remcos RAT
Remcos

2024-01-25 ⋅ JSAC 2024 ⋅ Masafumi Takeda, Tomoya Furukawa
Threat Intelligence of Abused Public Post-Exploitation Frameworks
AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver

2024-01-15 ⋅ DFIR.ch ⋅ Stephan Berger
Hunting AsyncRAT & QuasarRAT
AsyncRAT Quasar RAT

2024-01-12 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver

2024-01-08 ⋅ YouTube (Embee Research) ⋅ Embee_research
Malware Analysis - Powershell decoding and .NET C2 Extraction (Quasar RAT)
Quasar RAT

2024-01-03 ⋅ Uptycs ⋅ Karthickkumar Kathiresan, Shilpesh Trivedi
Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion
Remcos

2023-12-07 ⋅ ⋅ Cert-UA ⋅ Cert-UA
UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218)
Meduza Stealer Remcos

2023-11-23 ⋅ Infosec Writeups ⋅ Osama Ellahi
Malware analysis Remcos RAT- 4.9.2 Pro
Remcos

2023-11-22 ⋅ Twitter (@embee_research) ⋅ Embee_research
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos

2023-11-14 ⋅ SOC Prime ⋅ Veronika Telychko
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine
Remcos UAC-0050

2023-10-27 ⋅ Twitter (@embee_research) ⋅ Embee_research
Remcos Downloader Analysis - Manual Deobfuscation of Visual Basic and Powershell
Remcos

2023-10-12 ⋅ Cluster25 ⋅ Cluster25 Threat Intel Team
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Agent Tesla Crimson RAT Nanocore RAT SmokeLoader

2023-10-12 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar

2023-09-21 ⋅ Medium shaddy43 ⋅ Shayan Ahmed Khan
Secrets of commercial RATs! NanoCore dissected
Nanocore RAT

2023-09-19 ⋅ Checkpoint ⋅ Alexey Bukhteyev, Arie Olshtein
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos
CloudEyE Remcos

2023-09-14 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
APT33

2023-09-08 ⋅ Gi7w0rm
Uncovering DDGroup — A long-time threat actor
AsyncRAT Ave Maria BitRAT DBatLoader NetWire RC Quasar RAT XWorm

2023-07-11 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee

2023-07-08 ⋅ Gi7w0rm
CloudEyE — From .lnk to Shellcode
CloudEyE Remcos

2023-06-08 ⋅ Twitter (@embee_research) ⋅ Embee_research
Practical Queries for Identifying Malware Infrastructure: An informal page for storing Censys/Shodan queries
Amadey AsyncRAT Cobalt Strike QakBot Quasar RAT Sliver solarmarker

2023-05-16 ⋅ CyberRaiju ⋅ Jai Minton
Remcos RAT - Malware Analysis Lab
Remcos

2023-05-15 ⋅ embeeresearch ⋅ Embee_research
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys
Quasar RAT

2023-04-13 ⋅ OALabs ⋅ Sergei Frankoff
Quasar Chaos: Open Source Ransomware Meets Open Source RAT
Chaos Quasar RAT

2023-04-13 ⋅ Microsoft ⋅ Microsoft Threat Intelligence
Threat actors strive to cause Tax Day headaches
CloudEyE Remcos

2023-04-12 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar

2023-04-10 ⋅ Check Point ⋅ Check Point
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee

2023-03-30 ⋅ loginsoft ⋅ Saharsh Agrawal
From Innocence to Malice: The OneNote Malware Campaign Uncovered
Agent Tesla AsyncRAT DOUBLEBACK Emotet Formbook IcedID NetWire RC QakBot Quasar RAT RedLine Stealer XWorm

2023-03-27 ⋅ Zscaler ⋅ Meghraj Nandanwar, Satyam Singh
DBatLoader: Actively Distributing Malwares Targeting European Businesses
DBatLoader Remcos

2023-03-16 ⋅ Trend Micro ⋅ Cedric Pernet, Jaromír Hořejší, Loseway Lu
IPFS: A New Data Frontier or a New Cybercriminal Hideout?
Agent Tesla Formbook RedLine Stealer Remcos

2023-03-10 ⋅ The Register ⋅ Jessica Lyons Hardcastle
FBI and international cops catch a NetWire RAT
NetWire RC

2023-02-24 ⋅ Zscaler ⋅ Avinash Kumar, Niraj Shivtarkar
Snip3 Crypter Reveals New TTPs Over Time
DCRat Quasar RAT

2023-02-23 ⋅ Bitdefender ⋅ Bitdefender Team, Martin Zugec
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Cobalt Strike DarkComet QuiteRAT RATel

2023-02-22 ⋅ SOC Prime ⋅ Daryna Olyniychuk
New Phishing Attack Detection Attributed to the UAC-0050 and UAC-0096 Groups Spreading Remcos Spyware
Remcos UAC-0050

2023-02-21 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Cyber attack of the group UAC-0050 (UAC-0096) using the Remcos program (CERT-UA#6011)
Remcos UAC-0050

2023-02-06 ⋅ ⋅ Cert-UA ⋅ Cert-UA
UAC-0050 cyber attack against the state bodies of Ukraine using the program for remote control and surveillance Remcos (CERT-UA#5926)
Remcos UAC-0050

2023-02-03 ⋅ Cloudsek ⋅ Deepanjli Paulraj, Pavan Karthick M
Threat Actors Abuse AI-Generated Youtube Videos to Spread Stealer Malware
Alfonso Stealer Bandit Stealer Cameleon Fabookie Lumma Stealer Nanocore RAT Panda Stealer RecordBreaker RedLine Stealer Stealc STOP Vidar zgRAT

2023-01-30 ⋅ Checkpoint ⋅ Arie Olshtein
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Agent Tesla Azorult Buer Cerber Cobalt Strike Emotet Formbook HawkEye Keylogger Loki Password Stealer (PWS) Maze NetWire RC Remcos REvil TrickBot

2023-01-24 ⋅ Trellix ⋅ Daksh Kapur, John Fokker, Robert Venal, Tomer Shloman
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos

2023-01-09 ⋅ YouTube (Embee Research) ⋅ Embee_research
Malware Analysis - VBS Decoding With Cyberchef (Nanocore Loader)
Nanocore RAT

2023-01-05 ⋅ Symantec ⋅ Threat Hunter Team
Bluebottle: Campaign Hits Banks in French-speaking Countries in Africa
CloudEyE Cobalt Strike MimiKatz NetWire RC POORTRY Quasar RAT BlueBottle

2023-01-04 ⋅ K7 Security ⋅ Saikumaravel
Pupy RAT hiding under WerFault’s cover
pupy

2022-12-18 ⋅ ZAYOTEM ⋅ Enes Şakir Çolak
NetWire Technical Analysis Report
NetWire RC

2022-11-21 ⋅ Malwarebytes ⋅ Malwarebytes
2022-11-21 Threat Intel Report
404 Keylogger Agent Tesla Formbook Hive Remcos

2022-11-06 ⋅ LMNTRIX ⋅ LMNTRIX
Analysis Of Netwire RAT
NetWire RC

2022-10-13 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm

2022-09-22 ⋅ Morphisec ⋅ Morphisec Labs
Watch Out For The New NFT-001
Eternity Stealer Remcos

2022-09-13 ⋅ Symantec ⋅ Threat Hunter Team
New Wave of Espionage Activity Targets Asian Governments
MimiKatz PlugX Quasar RAT ShadowPad Trochilus RAT

2022-09-06 ⋅ Check Point ⋅ Check Point Research
DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa
AsyncRAT Meterpreter PoshC2 DangerousSavanna

2022-09-01 ⋅ Medium michaelkoczwara ⋅ Michael Koczwara
Hunting C2/Adversaries Infrastructure with Shodan and Censys
Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver

2022-08-30 ⋅ Medium the_abjuri5t ⋅ John F
NanoCore RAT Hunting Guide
Nanocore RAT

2022-08-29 ⋅ Soc Investigation ⋅ BalaGanesh
Remcos RAT New TTPS - Detection & Response
Remcos

2022-08-21 ⋅ Perception Point ⋅ Igal Lytzki
Behind the Attack: Remcos RAT
Remcos

2022-08-18 ⋅ Sophos ⋅ Sean Gallagher
Cookie stealing: the new perimeter bypass
Cobalt Strike Meterpreter MimiKatz Phoenix Keylogger Quasar RAT

2022-08-17 ⋅ ⋅ 360 ⋅ 360 Threat Intelligence Center
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East
SpyNote Loda Nanocore RAT NjRAT

2022-08-17 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
DarkTortilla Malware Analysis
Agent Tesla AsyncRAT Cobalt Strike DarkTortilla Nanocore RAT RedLine Stealer

2022-08-12 ⋅ Brandefense ⋅ Brandefense
Mythic Leopard APT Group
Crimson RAT DarkComet NjRAT Oblique RAT Peppy RAT

2022-08-04 ⋅ ConnectWise ⋅ Stu Gonzalez
Formbook and Remcos Backdoor RAT by ConnectWise CRU
Formbook Remcos

2022-07-29 ⋅ Qualys ⋅ Viren Chaudhari
New Qualys Research Report: Evolution of Quasar RAT
Quasar RAT

2022-07-27 ⋅ Qualys ⋅ Viren Chaudhari
Stealthy Quasar Evolving to Lead the RAT Race
Quasar RAT

2022-07-21 ⋅ Censys ⋅ Matt Lembright
Russian Ransomware C2 Network Discovered in Censys Data
DeimosC2 PoshC2

2022-07-20 ⋅ Sophos ⋅ Colin Cowie, Gabor Szappanos
OODA: X-Ops Takes On Burgeoning SQL Server Attacks
Maoloa Remcos TargetCompany

2022-07-18 ⋅ Censys ⋅ Censys
Russian Ransomware C2 Network Discovered in Censys Data
Cobalt Strike DeimosC2 MimiKatz PoshC2

2022-07-13 ⋅ Weixin ⋅ Antiy CERT
Confucius: The Angler Hidden Under CloudFlare
Quasar RAT

2022-06-23 ⋅ Secureworks ⋅ Counter Threat Unit ResearchTeam
BRONZE STARLIGHT Ransomware Operations Use HUI Loader
ATOMSILO Cobalt Strike HUI Loader LockFile NightSky Pandora PlugX Quasar RAT Rook SodaMaster BRONZE STARLIGHT

2022-06-21 ⋅ Cisco Talos ⋅ Chris Neal, Flavio Costa, Guilherme Venere
Avos ransomware group expands with new attack arsenal
AvosLocker Cobalt Strike DarkComet MimiKatz

2022-06-20 ⋅ ⋅ Infinitum IT ⋅ infinitum IT
Charming Kitten (APT35)
LaZagne DownPaper MimiKatz pupy

2022-06-15 ⋅ Volexity ⋅ Steven Adair, Thomas Lancaster, Volexity Threat Research
DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
pupy Sliver DriftingCloud

2022-06-02 ⋅ FortiGuard Labs ⋅ Fred Gutierrez, Gergely Revay, James Slaughter, Shunichi Imano
Threat Actors Prey on Eager Travelers
AsyncRAT NetWire RC Quasar RAT

2022-05-23 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
Operation Earth Berberoka
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka

2022-05-19 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
.NET Stubs: Sowing the Seeds of Discord
Agent Tesla Quasar RAT WhisperGate

2022-05-19 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
.NET Stubs: Sowing the Seeds of Discord (PureCrypter)
Aberebot AbstractEmu AdoBot 404 Keylogger Agent Tesla Amadey AsyncRAT Ave Maria BitRAT BluStealer Formbook LimeRAT Loki Password Stealer (PWS) Nanocore RAT Orcus RAT Quasar RAT Raccoon RedLine Stealer WhisperGate

2022-05-16 ⋅ JPCERT/CC ⋅ Shusei Tomonaga
Analysis of HUI Loader
HUI Loader PlugX Poison Ivy Quasar RAT

2022-05-12 ⋅ Morphisec ⋅ Hido Cohen
New SYK Crypter Distributed Via Discord
AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer

2022-05-05 ⋅ Github (muha2xmad) ⋅ Muhammad Hasan Ali
Analysis of MS Word to drop Remcos RAT | VBA extraction and analysis | IoCs
Remcos

2022-04-27 ⋅ Trendmicro ⋅ Trendmicro
IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka

2022-04-27 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka

2022-04-27 ⋅ Trendmicro ⋅ Trendmicro
IOCs for Earth Berberoka - Linux
Rekoobe pupy Earth Berberoka

2022-04-27 ⋅ Trendmicro ⋅ Daniel Lunghi, Jaromír Hořejší
Operation Gambling Puppet
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka

2022-04-26 ⋅ Trend Micro ⋅ Lord Alfred Remorin, Ryan Flores, Stephen Hilt
How Cybercriminals Abuse Cloud Tunneling Services
AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT

2022-04-15 ⋅ Center for Internet Security ⋅ CIS
Top 10 Malware March 2022
Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus

2022-04-12 ⋅ HP ⋅ Patrick Schläpfer
Malware Campaigns Targeting African Banking Sector
CloudEyE Remcos

2022-04-06 ⋅ Fortinet ⋅ Xiaopeng Zhang
The Latest Remcos RAT Driven By Phishing Campaign
Remcos

2022-03-30 ⋅ Morphisec ⋅ Hido Cohen
New Wave Of Remcos RAT Phishing Campaign
Remcos

2022-03-30 ⋅ Recorded Future ⋅ Insikt Group
Social Engineering Remains Key Tradecraft for Iranian APTs
Liderc pupy

2022-03-27 ⋅ Medium M3H51N ⋅ M3H51N
Malware Analysis — NanoCore Rat
Nanocore RAT

2022-03-25 ⋅ Trustwave ⋅ Trustwave SpiderLabs
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
Remcos

2022-03-24 ⋅ Lab52 ⋅ freyit
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks
Quasar RAT

2022-03-07 ⋅ ASEC ⋅ ASEC
Distribution of Remcos RAT Disguised as Tax Invoice
Remcos

2022-03-05 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Malware now using NVIDIA's stolen code signing certificates
Quasar RAT

2022-03-04 ⋅ Bitdefender ⋅ Alina Bizga
Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine
Agent Tesla Remcos

2022-03-04 ⋅ Bleeping Computer ⋅ Bill Toulas
Russia-Ukraine war exploited as lure for malware distribution
Agent Tesla Remcos

2022-03-01 ⋅ VirusTotal ⋅ VirusTotal
VirusTotal's 2021 Malware Trends Report
Anubis AsyncRAT BlackMatter Cobalt Strike DanaBot Dridex Khonsari MimiKatz Mirai Nanocore RAT Orcus RAT

2022-02-28 ⋅ ⋅ ASEC ⋅ ASEC
Remcos RAT malware disseminated by pretending to be tax invoices
Remcos

2022-02-22 ⋅ CyCraft Technology Corp
China Implicated in Prolonged Supply Chain Attack Targeting Taiwan Financial Sector
Quasar RAT

2022-02-21 ⋅ ⋅ CyCraft ⋅ CyCraft AI
An in-depth analysis of the Operation Cache Panda organized supply chain attack on Taiwan's financial industry
Quasar RAT

2022-02-21 ⋅ The Record ⋅ Catalin Cimpanu
Chinese hackers linked to months-long attack on Taiwanese financial sector
Quasar RAT

2022-02-18 ⋅ YouTube (John Hammond) ⋅ John Hammond
Uncovering NETWIRE Malware - Discovery & Deobfuscation
NetWire RC

2022-02-18 ⋅ SANS ISC ⋅ Xavier Mertens
Remcos RAT Delivered Through Double Compressed Archive
Remcos

2022-02-15 ⋅ BleepingComputer ⋅ Ionut Ilascu
Unskilled hacker linked to years of attacks on aviation, transport sectors
AsyncRAT Houdini NetWire RC Parallax RAT

2022-02-15 ⋅ Threat Post ⋅ Elizabeth Montalbano
TA2541: APT Has Been Shooting RATs at Aviation for Years
AsyncRAT Houdini NetWire RC Parallax RAT

2022-02-14 ⋅ Morphisec ⋅ Arnold Osipov, Hido Cohen
Journey of a Crypto Scammer - NFT-001
AsyncRAT BitRAT Remcos

2022-02-11 ⋅ blog.rootshell.be ⋅ Xavier Mertens
[SANS ISC] CinaRAT Delivered Through HTML ID Attributes
Quasar RAT

2022-02-11 ⋅ Cisco Talos ⋅ Talos
Threat Roundup for February 4 to February 11
DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus

2022-02-09 ⋅ SentinelOne ⋅ Juan Andrés Guerrero-Saade, Tom Hegel
Modified Elephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC

2022-02-09 ⋅ Sentinel LABS ⋅ Tom Hegel
ModifiedElephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC ModifiedElephant

2022-02-08 ⋅ ASEC ⋅ ASEC
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
GoldDragon Quasar RAT

2022-02-08 ⋅ Intel 471 ⋅ Intel 471
PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar

2022-02-08 ⋅ Itay Migdal
Remcos Analysis
Remcos

2022-02-07 ⋅ RiskIQ ⋅ RiskIQ
RiskIQ: Malicious Infrastructure Connected to Particular Windows Host Certificates
AsyncRAT BitRAT Nanocore RAT

2022-01-28 ⋅ eSentire ⋅ eSentire Threat Response Unit (TRU)
Remcos RAT
Remcos

2022-01-13 ⋅ muha2xmad ⋅ Muhammad Hasan Ali
Unpacking Remcos malware
Remcos

2022-01-12 ⋅ Cisco ⋅ Chetan Raghuprasad, Vanja Svajcer
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
AsyncRAT Nanocore RAT NetWire RC

2022-01-10 ⋅ splunk ⋅ Splunk Threat Research Team
Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021
Remcos

2022-01-08 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Trojanized dnSpy app drops malware cocktail on researchers, devs
Quasar RAT

2022-01-02 ⋅ Medium amgedwageh ⋅ Amged Wageh
Automating The Analysis Of An AutoIT Script That Wraps A Remcos RAT
Remcos

2021-12-14 ⋅ Trend Micro ⋅ Nick Dai, Ted Lee, Vickie Su
Collecting In the Dark: Tropic Trooper Targets Transportation and Government
ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23

2021-12-13 ⋅ RiskIQ ⋅ Jordan Herman
RiskIQ: Connections between Nanocore, Netwire, and AsyncRAT and Vjw0rm dynamic DNS C2 infrastructure
AsyncRAT Nanocore RAT NetWire RC Vjw0rm

2021-11-29 ⋅ Trend Micro ⋅ Jaromír Hořejší
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos

2021-11-23 ⋅ HP ⋅ Patrick Schläpfer
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
AdWind Ratty STRRAT CloudEyE Formbook Houdini Panda Stealer Remcos

2021-11-23 ⋅ Morphisec ⋅ Arnold Osipov, Hido Cohen
Babadeda Crypter targeting crypto, NFT, and DeFi communities
Babadeda BitRAT LockBit Remcos

2021-11-11 ⋅ splunk ⋅ Splunk Threat Research Team
FIN7 Tools Resurface in the Field – Splinter or Copycat?
JSSLoader Remcos

2021-11-10 ⋅ ⋅ AhnLab ⋅ ASEC Analysis Team
Analysis Report of Lazarus Group’s NukeSped Malware
DarkComet Tiger RAT

2021-10-27 ⋅ Proofpoint ⋅ Joe Wise, Selena Larson
New Threat Actor Spoofs Philippine Government, COVID-19 Health Data in Widespread RAT Campaigns
Nanocore RAT Remcos TA2722

2021-10-19 ⋅ Cisco Talos ⋅ Asheer Malhotra
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
DCRat Quasar RAT

2021-10-06 ⋅ ESET Research ⋅ Martina López
To the moon and hack: Fake SafeMoon app drops malware to spy on you
Remcos

2021-10-01 ⋅ HP ⋅ HP Wolf Security
Threat Insights Report Q3 - 2021
STRRAT CloudEyE NetWire RC Remcos TrickBot Vjw0rm

2021-09-23 ⋅ Talos ⋅ Asheer Malhotra, Justin Thattil, Vanja Svajcer
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
Ave Maria NetWire RC

2021-09-20 ⋅ Trend Micro ⋅ Aliakbar Zahravi, William Gamazo Sanchez
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT

2021-09-16 ⋅ Blackberry ⋅ The BlackBerry Research & Intelligence Team
Threat Thursday: NetWire RAT is Coming Down the Line
NetWire RC

2021-09-15 ⋅ Telsy ⋅ Telsy
REMCOS and Agent Tesla loaded into memory with Rezer0 loader
Agent Tesla Remcos

2021-09-13 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos

2021-09-13 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos

2021-09-06 ⋅ ⋅ dbappsecurity ⋅ 猎影实验室
假面行动(Operation MaskFace)-疑似针对境外银行的利用问卷调查为主题的钓鱼攻击事件分析
PoshC2

2021-09-03 ⋅ Trend Micro ⋅ Mohamad Mokbel
The State of SSL/TLS Certificate Usage in Malware C&C Communications
AdWind ostap AsyncRAT BazarBackdoor BitRAT Buer Chthonic CloudEyE Cobalt Strike DCRat Dridex FindPOS GootKit Gozi IcedID ISFB Nanocore RAT Orcus RAT PandaBanker Qadars QakBot Quasar RAT Rockloader ServHelper Shifu SManager TorrentLocker TrickBot Vawtrak Zeus Zloader

2021-09-01 ⋅ ⋅ 360 Threat Intelligence Center ⋅ Advanced Threat Institute
APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert
Crimson RAT NetWire RC

2021-08-05 ⋅ ⋅ Twitter (@BaoshengbinCumt) ⋅ 2ero
Attacks on NCGSA, MOITT, MOD, NSCP and SCO in Pakistan
NetWire RC

2021-08-04 ⋅ ⋅ ASEC ⋅ ASEC
S/W Download Camouflage, Spreading Various Kinds of Malware
Raccoon RedLine Stealer Remcos Vidar

2021-07-27 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team
Old Dogs New Tricks: Attackers Adopt Exotic Programming Languages
elf.wellmess ElectroRAT BazarNimrod Buer Cobalt Strike Remcos Snake TeleBot WellMess Zebrocy

2021-07-19 ⋅ Malwarebytes ⋅ Erika Noerenberg
Remcos RAT delivered via Visual Basic
Remcos

2021-07-12 ⋅ IBM ⋅ Claire Zaboeva, Dan Dash, Melissa Frydrych
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos

2021-07-12 ⋅ Cipher Tech Solutions ⋅ Claire Zaboeva, Dan Dash, Melissa Frydrych
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos

2021-06-10 ⋅ ZAYOTEM ⋅ Fatma Helin Çakmak, Fatma Nur Gözüküçük, Hakan Soysal, Halil Filik, Yasin Mersin
NetWire Technical Analysis Report
NetWire RC

2021-05-27 ⋅ MinervaLabs ⋅ Tom Roter
Trapping A Fat Quasar RAT
Quasar RAT

2021-05-13 ⋅ Anomali ⋅ Gage Mele, Tara Gould
Threat Actors Use MSBuild to Deliver RATs Filelessly
Remcos

2021-05-07 ⋅ Morphisec ⋅ Nadav Lorber
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader
Agent Tesla AsyncRAT NetWire RC Revenge RAT

2021-05-05 ⋅ Zscaler ⋅ Aniruddha Dolas, Manohar Ghule, Mohd Sadique
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats
Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos

2021-04-27 ⋅ Kaspersky ⋅ GReAT
APT trends report Q1 2021
PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster

2021-04-21 ⋅ Talos ⋅ Vanja Svajcer
A year of Fajan evolution and Bloomberg themed campaigns
MASS Logger Nanocore RAT NetWire RC Revenge RAT XpertRAT

2021-04-14 ⋅ Zscaler ⋅ Atinderpal Singh, Rohit Chaturvedi, Tarun Dewan
A look at HydroJiin campaign
NetWire RC Quasar RAT

2021-03-18 ⋅ Cybereason ⋅ Daniel Frank
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
NetWire RC Remcos

2021-03-16 ⋅ Morphisec ⋅ Nadav Lorber
Tracking HCrypt: An Active Crypter as a Service
AsyncRAT LimeRAT Remcos

2021-03-11 ⋅ Trustwave ⋅ Diana Lopera
Image File Trickery Part II: Fake Icon Delivers NanoCore
Nanocore RAT

2021-02-25 ⋅ Intezer ⋅ Intezer
Year of the Gopher A 2020 Go Malware Round-Up
NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy

2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER

2021-02-18 ⋅ PTSecurity ⋅ PTSecurity
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/
Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader

2021-02-08 ⋅ Arsenal Consulting ⋅ Arsenal Consulting
National Investigation Agency VS Sudhir Pralhad Dhawale & others Report 1
NetWire RC

2021-02-05 ⋅ Morphisec ⋅ Nadav Lorber
CinaRAT Resurfaces with New Evasive Tactics and Techniques
Quasar RAT

2021-01-13 ⋅ Bitdefender ⋅ Janos Gergo Szeles
Remcos RAT Revisited: A Colombian Coronavirus-Themed Campaign
Remcos

2021-01-11 ⋅ ESET Research ⋅ Matías Porolli
Operation Spalax: Targeted malware attacks in Colombia
Agent Tesla AsyncRAT NjRAT Remcos

2021-01-09 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot

2021-01-07 ⋅ Recorded Future ⋅ Insikt Group®
Aversary Infrastructure Report 2020: A Defender's View
Octopus pupy Cobalt Strike Empire Downloader Meterpreter PoshC2

2021-01-06 ⋅ Red Canary ⋅ Tony Lambert
Hunting for GetSystem in offensive security tools
Cobalt Strike Empire Downloader Meterpreter PoshC2

2020-12-28 ⋅ ⋅ Antiy CERT ⋅ Antiy CERT
"Civerids" organization vs. Middle East area attack activity analysis report
Quasar RAT

2020-12-24 ⋅ IronNet ⋅ Adam Hlavek
China cyber attacks: the current threat landscape
PLEAD TSCookie FlowCloud Lookback PLEAD PlugX Quasar RAT Winnti

2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader

2020-12-10 ⋅ US-CERT ⋅ FBI, MS-ISAC, US-CERT
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus

2020-12-10 ⋅ JPCERT/CC ⋅ Kota Kino
Attack Activities by Quasar Family
AsyncRAT Quasar RAT Venom RAT XPCTRA

2020-12-09 ⋅ Cybereason ⋅ Cybereason Nocturnus Team
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign
DropBook JhoneRAT Molerat Loader Pierogi Quasar RAT SharpStage Spark

2020-12-09 ⋅ Cybereason ⋅ Cybereason Nocturnus
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign
DropBook MoleNet Quasar RAT SharpStage Spark

2020-12-07 ⋅ Proofpoint ⋅ Proofpoint Threat Research Team
Commodity .NET Packers use Embedded Images to Hide Payloads
Agent Tesla Loki Password Stealer (PWS) Remcos

2020-11-19 ⋅ Threatpost ⋅ Elizabeth Montalbano
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
Quasar RAT Ryuk

2020-11-18 ⋅ G Data ⋅ G-Data
Business as usual: Criminal Activities in Times of a Global Pandemic
Agent Tesla Nanocore RAT NetWire RC Remcos

2020-11-17 ⋅ Symantec ⋅ Threat Hunter Team
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
Quasar RAT

2020-09-22 ⋅ vmware ⋅ Omar Elgebaly, Takahiro Haruyama
Detecting Threats in Real-time With Active C2 Information
Agent.BTZ Cobalt Strike Dacls NetWire RC PoshC2 Winnti

2020-09-18 ⋅ Symantec ⋅ Threat Hunter Team
Elfin: Latest U.S. Indictments Appear to Target Iranian Espionage Group
Nanocore RAT

2020-09-17 ⋅ FBI ⋅ FBI
FBI PIN Number 20200917-001: IRGC-Associated Cyber Operations Against US Company Networks
MimiKatz Nanocore RAT

2020-09-11 ⋅ ThreatConnect ⋅ ThreatConnect Research Team
Research Roundup: Activity on Previously Identified APT33 Domains
Emotet PlugX APT33

2020-09-10 ⋅ Medium mariohenkel ⋅ Mario Henkel
Decrypting NanoCore config and dump all plugins
Nanocore RAT

2020-08-26 ⋅ Proofpoint ⋅ Proofpoint Threat Research Team
Threat Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages
AsyncRAT Nanocore RAT TA2719

2020-08-20 ⋅ ⋅ Seebug Paper ⋅ Malayke
Use ZoomEye to track multiple Redteam C&C post-penetration attack frameworks
Cobalt Strike Empire Downloader PoshC2

2020-08-01 ⋅ ⋅ TG Soft ⋅ TG Soft
TG Soft Cyber - Threat Report
DarkComet Darktrack RAT Emotet ISFB

2020-07-30 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader

2020-07-14 ⋅ SophosLabs Uncut ⋅ Markel Picado, Sean Gallagher
RATicate upgrades “RATs as a Service” attacks with commercial “crypter”
LokiBot BetaBot CloudEyE NetWire RC

2020-07-13 ⋅ FireEye ⋅ Aaron Stephens, Andrew Thompson
SCANdalous! (External Detection Using Network Scan Data and Automation)
POWERTON QUADAGENT PoshC2

2020-07-13 ⋅ Github (1d8) ⋅ 1d8
Remcos RAT Macro Dropper Doc
Remcos

2020-06-22 ⋅ MalwareLab.pl ⋅ Maciej Kotowicz
VenomRAT - new, hackforums grade, reincarnation of QuassarRAT
Quasar RAT Venom RAT

2020-06-18 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team
Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint (APT33/HOLMIUM)
POWERTON

2020-06-17 ⋅ Nettitude Labs ⋅ Rob Bone
Detecting PoshC2 – Indicators of Compromise
PoshC2

2020-06-15 ⋅ Amnesty International ⋅ Amnesty International
India: Human Rights Defenders Targeted by a Coordinated Spyware Operation
NetWire RC

2020-06-11 ⋅ Talos Intelligence ⋅ Joe Marshall, Kendall McKay
Tor2Mine is up to their old tricks — and adds a few new ones
Azorult Remcos

2020-06-07 ⋅ Zero2Automated Blog ⋅ 0verfl0w_
Dealing with Obfuscated Macros, Statically - NanoCore
Nanocore RAT

2020-05-29 ⋅ Zscaler ⋅ Sudeep Singh
ShellReset RAT Spread Through Macro-Based Documents Using AppLocker Bypass
Quasar RAT

2020-05-26 ⋅ CrowdStrike ⋅ Guillermo Taibo
Weaponized Disk Image Files: Analysis, Trends and Remediation
Nanocore RAT

2020-05-21 ⋅ Malwarebytes ⋅ Malwarebytes Labs
Cybercrime tactics and techniques
Ave Maria Azorult DanaBot Loki Password Stealer (PWS) NetWire RC

2020-05-20 ⋅ Zscaler ⋅ Amandeep Kumar, Rohit Chaturvedi
Latest Version of Amadey Introduces Screen Capturing and Pushes the Remcos RAT
Amadey Remcos

2020-05-14 ⋅ 360 Total Security ⋅ kate
Vendetta - new threat actor from Europe
Nanocore RAT Remcos

2020-05-14 ⋅ Lab52 ⋅ Dex
The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey
Cobalt Strike HTran MimiKatz PlugX Quasar RAT

2020-05-14 ⋅ SophosLabs ⋅ Markel Picado
RATicate: an attacker’s waves of information-stealing malware
Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos

2020-05-06 ⋅ Yoroi ⋅ Davide Testa, Luca Mella, Luigi Martire
New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain
NetWire RC

2020-04-27 ⋅ 0x00sec ⋅ Dan Lisichkin
Master of RATs - How to create your own Tracker
Quasar RAT

2020-04-15 ⋅ Zscaler ⋅ Sudeep Singh
Multistage FreeDom loader used in Aggah Campaign to spread Nanocore and AZORult
Azorult Nanocore RAT

2020-04-04 ⋅ MalwareInDepth ⋅ Myrtus 0x0
Nanocore & CypherIT
Nanocore RAT

2020-04-03 ⋅ Palo Alto Networks Unit 42 ⋅ Brad Duncan
GuLoader: Malspam Campaign Installing NetWire RAT
CloudEyE NetWire RC

2020-04-02 ⋅ Cisco Talos ⋅ Vanja Svajcer
AZORult brings friends to the party
Azorult Remcos

2020-04-01 ⋅ Cisco ⋅ Andrea Kaiser, Shyam Sundar Ramaswami
Navigating Cybersecurity During a Pandemic: Latest Malware and Threat Actors
Azorult CloudEyE Formbook KPOT Stealer Metamorfo Nanocore RAT NetWire RC TrickBot

2020-03-20 ⋅ Bitdefender ⋅ Liviu Arsene
5 Times More Coronavirus-themed Malware Reports during March
ostap HawkEye Keylogger Koadic Loki Password Stealer (PWS) Nanocore RAT Remcos

2020-03-18 ⋅ Proofpoint ⋅ Axel F, Sam Scholten
Coronavirus Threat Landscape Update
Agent Tesla Get2 ISFB Remcos

2020-03-05 ⋅ ⋅ VinCSS ⋅ Dang Dinh Phuong
[RE011] Unpack crypter của malware Netwire bằng x64dbg
NetWire RC

2020-02-21 ⋅ ADEO DFIR ⋅ ADEO DFIR
APT10 Threat Analysis Report
CHINACHOPPER HTran MimiKatz PlugX Quasar RAT

2020-02-13 ⋅ Talos ⋅ Edmund Brumaghin, Nick Biasini
Threat actors attempt to capitalize on coronavirus outbreak
Emotet Nanocore RAT Parallax RAT

2020-02-12 ⋅ Telsy ⋅ Telsy
Meeting POWERBAND: The APT33 .NET POWERTON Variant
POWERTON POWERBAND

2020-01-31 ⋅ ReversingLabs ⋅ Robert Simmons
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site
CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT

2020-01-26 ⋅ Brown Farinholt, Damon McCoy, Kirill Levchenko, Mohammad Rezaeirad
Dark Matter: Uncovering the DarkComet RAT Ecosystem
DarkComet

2020-01-23 ⋅ Recorded Future ⋅ Insikt Group
European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019
pupy pupy pupy

2020-01-19 ⋅ 360 ⋅ kate
BayWorld event, Cyber Attack Against Foreign Trade Industry
Azorult Formbook Nanocore RAT Revenge RAT

2020-01-17 ⋅ JPCERT/CC ⋅ Takayoshi Shiigi
Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT

2020-01-01 ⋅ Github (nettitude) ⋅ Nettitude
Repository for Python Server for PoshC2
PoshC2

2020-01-01 ⋅ Secureworks ⋅ SecureWorks
BRONZE RIVERSIDE
Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves APT10

2020-01-01 ⋅ Secureworks ⋅ SecureWorks
COBALT TRINITY
POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33

2020-01-01 ⋅ Secureworks ⋅ SecureWorks
ALUMINUM SARATOGA
BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats

2020-01-01 ⋅ Secureworks ⋅ SecureWorks
COPPER FIELDSTONE
Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major

2019-12-12 ⋅ Trend Micro ⋅ Cedric Pernet, Feike Hacquebord, Kenney Lu
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
APT33

2019-12-05 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
PoshC2 (specifically as used by APT33)
PoshC2

2019-11-20 ⋅ vmware ⋅ Takahiro Haruyama
Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)
NetWire RC

2019-11-19 ⋅ FireEye ⋅ Kelli Vanderlee, Nalani Fraser
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions
MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC POISONPLUG Poison Ivy pupy Quasar RAT ZXShell

2019-11-18 ⋅ Rewterz Information Security ⋅ Rewterz Information Security
REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS
PoshC2

2019-10-21 ⋅ Fortinet ⋅ Chris Navarrete, Xiaopeng Zhang
New Variant of Remcos RAT Observed In the Wild
Remcos

2019-09-26 ⋅ Proofpoint ⋅ Bryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team
New WhiteShadow downloader uses Microsoft SQL to retrieve malware
WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos

2019-09-19 ⋅ NSHC ⋅ ThreatRecon Team
Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
Nanocore RAT Revenge RAT

2019-09-12 ⋅ Avast ⋅ Adolf Středa, Luigino Camastra
The tangle of WiryJMPer’s obfuscation
NetWire RC

2019-09-07 ⋅ Dissecting Malware ⋅ Marius Genheimer
Malicious RATatouille
Remcos

2019-08-25 ⋅ Github (threatland) ⋅ ThreatLand
Nanocor Sample
Nanocore RAT

2019-08-22 ⋅ Github (n1nj4sec) ⋅ n1nj4sec
Pupy RAT
pupy pupy pupy

2019-08-22 ⋅ Youtube (OALabs) ⋅ Sergei Frankoff
Remcos RAT Unpacked From VB6 With x64dbg Debugger
Remcos

2019-08-15 ⋅ Trend Micro ⋅ Aliakbar Zahravi
Analysis: New Remcos RAT Arrives Via Phishing Email
Remcos

2019-07-22 ⋅ One Night in Norfolk ⋅ Kevin Perlow
APT33 PowerShell Malware
POWERTON

2019-06-24 ⋅ Symantec ⋅ Benjamin Moench
Backdoor.Powerton
POWERTON

2019-06-19 ⋅ Check Point ⋅ Kobi Eisenkraft, Moshe Hayun
Check Point’s Threat Emulation Stops Large-Scale Phishing Campaign in Germany
Remcos

2019-05-24 ⋅ Fortinet ⋅ Ben Hunter
Uncovering new Activity by APT10
PlugX Quasar RAT

2019-05-20 ⋅ Twitter (@struppigel) ⋅ Karsten Hahn
Tweet on Yggdrasil / CinaRAT
Quasar RAT

2019-05-08 ⋅ Dr.Web ⋅ Dr.Web
A new threat for macOS spreads as WhatsApp
NetWire RC

2019-05-08 ⋅ VMRay ⋅ Francis Montesino
Get Smart with Enhanced Memory Dumping in VMRay Analyzer 3.0
Remcos

2019-05-05 ⋅ GoggleHeadedHacker Blog ⋅ Jacob Pimental
Unpacking NanoCore Sample Using AutoIT
Nanocore RAT

2019-04-16 ⋅ FireEye ⋅ Ben Read, Chi-en Shen, John Hultquist, Oleg Bondarenko
Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People's Republic
Quasar RAT Vermin

2019-04-01 ⋅ ⋅ Macnica Networks ⋅ Macnica Networks
Trends in Cyber Espionage Targeting Japan 2nd Half of 2018
Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy

2019-03-27 ⋅ Symantec ⋅ Security Response Attack Investigation Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33

2019-03-27 ⋅ Symantec ⋅ Critical Attack Discovery and Intelligence Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33

2019-02-14 ⋅ CISA ⋅ CISA
AR18-352A: Quasar Open-Source Remote Administration Tool
Quasar RAT

2019-01-30 ⋅ Samip Pokharel
Analysis of NetWiredRC trojan
NetWire RC

2019-01-01 ⋅ Dragos ⋅ Dragos
Adversary Reports
ALLANITE APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm

2019-01-01 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
APT 33
APT33

2018-12-21 ⋅ FireEye ⋅ Alex Orleans, Andrew Thompson, Geoff Ackerman, Nick Carr, Rick Cole
OVERRULED: Containing a Potentially Destructive Adversary
POWERTON PoshC2 pupy

2018-12-19 ⋅ McAfee ⋅ Christiaan Beek, Jessica Saavedra-Morales, Thomas Roccia
Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems
Filerase

2018-12-14 ⋅ Symantec ⋅ Critical Attack Discovery and Intelligence Team
Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail
DistTrack Filerase StoneDrill OilRig

2018-10-01 ⋅ ⋅ Macnica Networks ⋅ Macnica Networks
Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018
Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm

2018-08-22 ⋅ Cisco Talos ⋅ Edmund Brumaghin, Eric Kuhla, Holger Unterbrink, Lilia Gonzalez Medina
Picking Apart Remcos Botnet-In-A-Box
Remcos

2018-08-02 ⋅ Palo Alto Networks Unit 42 ⋅ David Fuertes, Josh Grunzweig, Kyle Wilhoit, Robert Falcone
The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT

2018-07-17 ⋅ ESET Research ⋅ Kaspars Osis
A deep dive down the Vermin RAThole
Quasar RAT Sobaken Vermin

2018-06-18 ⋅ Megabeets
Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 2
DROPSHOT

2018-06-07 ⋅ Volexity ⋅ Matthew Meltzer, Sean Koessel, Steven Adair
Patchwork APT Group Targets US Think Tanks
Quasar RAT Unidentified 047 QUILTED TIGER

2018-05-21 ⋅ MegaBeets ⋅ Itay Cohen
Decrypting APT33’s Dropshot Malware with Radare2 and Cutter – Part 1
DROPSHOT

2018-04-18 ⋅ MITRE ⋅ MITRE ATT&CK
APT33
APT33

2018-04-11 ⋅ Cyberbit ⋅ Boris Erbesfeld, Hod Gavriel
New ‘Early Bird’ Code Injection Technique Discovered
TURNEDUP

2018-03-30 ⋅ ⋅ 360 Threat Intelligence ⋅ Qi Anxin Threat Intelligence Center
Analysis of the latest cyber attack activity of the APT organization against sensitive institutions in China
Quasar RAT

2018-03-02 ⋅ KrabsOnSecurity ⋅ Mr. Krabs
Analysing Remcos RAT’s executable
Remcos

2018-03-01 ⋅ Dragos ⋅ Dragos
INDUSTRIAL CONTROL SYSTEM THREATS
APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm

2018-03-01 ⋅ My Online Security ⋅ My Online Security
Fake order spoofed from Finchers ltd Sankyo-Rubber delivers Remcos RAT via ACE attachments
Remcos

2018-02-26 ⋅ Bleeping Computer ⋅ Catalin Cimpanu
Nanocore RAT Author Gets 33 Months in Prison
Nanocore RAT

2018-01-23 ⋅ RiskIQ ⋅ Yonathan Klijnsma
Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors
Remcos

2018-01-01 ⋅ FireEye ⋅ FireEye
APT38
Bitsran BLINDTOAD BOOTWRECK Contopee DarkComet DYEPACK HOTWAX NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group

2017-12-22 ⋅ Malware Traffic Analysis ⋅ Brad Duncan
MALSPAM USES CVE-2017-0199 TO DISTRIBUTE REMCOS RAT
Remcos

2017-12-11 ⋅ Trend Micro ⋅ Cedric Pernet, Daniel Lunghi, Jaromír Hořejší
Untangling the Patchwork Cyberespionage Group
Quasar RAT

2017-12-06 ⋅ Cisco ⋅ Christopher Marczewski, Holger Unterbrink
Recam Redux - DeConfusing ConfuserEx
NetWire RC

2017-09-21 ⋅ FireEye ⋅ Nick Carr, Stuart Davis
APT33: New Insights into Iranian Cyber Espionage Group
APT33

2017-09-20 ⋅ FireEye ⋅ Jacqueline O’Leary, Josiah Kimble, Kelli Vanderlee, Nalani Fraser
Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware
DROPSHOT Nanocore RAT NetWire RC SHAPESHIFT TURNEDUP APT33

2017-07-01 ⋅ Secrary Blog ⋅ lasha
Remcos RAT
Remcos

2017-04-01 ⋅ PricewaterhouseCoopers ⋅ PricewaterhouseCoopers
Operation Cloud Hopper: Technical Annex
ChChes PlugX Quasar RAT RedLeaves Trochilus RAT

2017-02-16 ⋅ SecurityAffairs ⋅ Pierluigi Paganini
Iranian hackers behind the Magic Hound campaign linked to Shamoon
pupy APT35

2017-02-15 ⋅ Secureworks ⋅ SecureWorks' Counter Threat Unit Research Team
Iranian PupyRAT Bites Middle Eastern Organizations
pupy Cleaver

2017-02-15 ⋅ Palo Alto Networks Unit 42 ⋅ Bryan Lee, Robert Falcone
Magic Hound Campaign Attacks Saudi Targets
Leash MPKBot pupy Rocket Kitten

2017-02-14 ⋅ Fortinet ⋅ Floser Bacurio, Joie Salvio
REMCOS: A New RAT In The Wild
Remcos

2017-02-10 ⋅ ⋅ JPCERT/CC ⋅ Shusei Tomonaga
Malware that infects using PowerSploit
pupy

2017-01-30 ⋅ Palo Alto Networks Unit 42 ⋅ Mashav Sapir, Netanel Rimer, Simon Conant, Taras Malivanchuk, Tomer Bar, Yaron Samuel
Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
Quasar RAT

2016-11-28 ⋅ Secureworks ⋅ Incident Reponse Team
NetWire RAT Steals Payment Card Data
NetWire RC

2016-10-20 ⋅ Twitter (@malwrhunterteam) ⋅ MalwareHunterTeam
Tweet on Quasar RAT
Quasar RAT

2016-06-03 ⋅ FireEye ⋅ Sudeep Singh, Yin Hong Chang
APT Group Sends Spear Phishing Emails to Indian Government Officials
BreachRAT DarkComet Operation C-Major

2014-11-26 ⋅ CIRCL ⋅ CIRCL
TR-23 Analysis - NetWiredRC malware
NetWire RC

2014-08-04 ⋅ Palo Alto Networks Unit 42 ⋅ Phil Da Silva, Rob Downs, Ryan Olson
New Release: Decrypting NetWire C2 Traffic
NetWire RC

2012-10-05 ⋅ Malwarebytes ⋅ Adam Kujawa
Dark Comet 2: Electric Boogaloo
DarkComet

2012-06-21 ⋅ Contagio Dump ⋅ Mila Parkour
RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army
BlackShades DarkComet Terminator RAT

2012-06-09 ⋅ Malwarebytes ⋅ Adam Kujawa
You dirty RAT! Part 1: DarkComet
DarkComet

Credits: MISP Project