Dark Caracal

aka: G0070

Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information.

Associated Families
jar.crossrat win.bandook

2023-12-21 | Fortinet | Pei Han Liao
Bandook - A Persistent Threat That Keeps Evolving
2023-02-10 | Electronic Frontier Foundation | Cooper Quintin
Uncle Sow: Dark Caracal in Latin America
2021-07-19 | Proofpoint | Joe Wise, Konstantin Klinger, Proofpoint Threat Research Team, Selena Larson
New Threat Actor Uses Spanish Language Lures to Distribute Seldom Observed Bandook Malware
Bandook Caliente Bandits
2021-07-07 | ESET Research | Fernando Tavella, Matías Porolli
Bandidos at large: A spying campaign in Latin America
2020-12-10 | Electronic Frontier Foundation | Cooper Quintin, Eva Galperin
Dark Caracal: You Missed a Spot
2020-11-26 | Checkpoint | Check Point Research
Bandook: Signed & Delivered
2020-11-26 | Check Point | Checkpoint Research
Bandook: Signed & Delivered
Bandook Dark Caracal
Group description: Dark Caracal
Dark Caracal
2018-01-24 | Objective-See | Patrick Wardle
Analyzing CrossRAT: A cross-platform implant, utilized in a global cyber-espionage campaign
2018-01-18 | Lookout | Andrew Blaich, Apurva Kumar, Cooper Quintin, Eva Galperin, Jeremy Richards, Michael Flossman
Dark Caracal: Cyber-espionage at a Global Scale
CrossRAT Bandook Dark Caracal
2016-08-01 | Electronic Frontier Foundation | Claudio Guarnieri, Cooper Quintin, Eva Galperin, Morgan Marquis-Boire
Operation Manul
jRAT Bandook

Credits: MISP Project