| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Group targeting Indian Army or related assets in India, as well as activists and civil society in Pakistan. Attribution to a Pakistani connection has been made by TrendMicro and others.
| 2024-10-23
⋅
ANY.RUN
⋅
DarkComet RAT: Technical Analysis of Attack Chain DarkComet |
| 2024-08-09
⋅
BreachNova
⋅
Full analysis on NJRAT NjRAT |
| 2024-07-23
⋅
K7 Security
⋅
Threat actors target recent Election Results Crimson RAT |
| 2024-07-09
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update January to June 2024 Coper FluBot Hook Bashlite Mirai FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc NjRAT QakBot Quasar RAT RedLine Stealer Remcos Rhadamanthys RisePro Sliver |
| 2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
| 2024-04-24
⋅
Seqrite
⋅
Pakistani APTs Escalate Attacks on Indian Gov. Seqrite Labs Unveils Threats and Connections AllaKore Crimson RAT |
| 2024-03-19
⋅
Medium b.magnezi
⋅
Malware Analysis NjRat NjRAT |
| 2024-01-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q4 2023 FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver |
| 2023-11-22
⋅
Twitter (@embee_research)
⋅
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples) BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos |
| 2023-11-21
⋅
Medium infoSec Write-ups
⋅
Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1 NjRAT |
| 2023-10-21
⋅
Infosec Writeups
⋅
Malware analysis NJ RAT 0.7NC & 0.6.4 NjRAT |
| 2023-10-12
⋅
Cluster25
⋅
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations Agent Tesla Crimson RAT Nanocore RAT SmokeLoader |
| 2023-10-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2023 FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar |
| 2023-09-18
⋅
SentinelOne
⋅
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones CapraRAT Operation C-Major |
| 2023-09-12
⋅
Zscaler
⋅
A peek into APT36’s updated arsenal ElizaRAT |
| 2023-07-13
⋅
Brandefense
⋅
APT 36 Campaign – Poseidon Malware Technical Analysis Poseidon Crimson RAT Oblique RAT |
| 2023-07-11
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2023 Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee |
| 2023-05-02
⋅
Seqrite
⋅
Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions Crimson RAT |
| 2023-04-24
⋅
Kaspersky Labs
⋅
Tomiris called, they want their Turla malware back KopiLuwak Andromeda Ave Maria GoldMax JLORAT Kazuar Meterpreter QUIETCANARY RATel Roopy Telemiris tomiris Topinambour Tomiris |
| 2023-04-12
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q1 2023 FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar |
| 2023-04-10
⋅
Check Point
⋅
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee |
| 2023-03-15
⋅
Lab52
⋅
APT-C-36: from NjRAT to LimeRAT AsyncRAT NjRAT |
| 2023-03-07
⋅
ESET Research
⋅
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials CapraRAT |
| 2023-02-23
⋅
Bitdefender
⋅
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 Cobalt Strike DarkComet QuiteRAT RATel |
| 2023-01-24
⋅
Trellix
⋅
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity Andromeda Formbook Houdini Remcos |
| 2023-01-17
⋅
Trend Micro
⋅
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures NjRAT |
| 2023-01-05
⋅
Mandiant
⋅
Turla: A Galaxy of Opportunity KopiLuwak Andromeda QUIETCANARY |
| 2022-12-24
⋅
di.sclosu.re
⋅
njRAT malware spreading through Discord CDN and Facebook Ads NjRAT |
| 2022-11-03
⋅
Zscaler
⋅
APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations LimePad |
| 2022-10-13
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q3 2022 FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm |
| 2022-08-18
⋅
Proofpoint
⋅
Reservations Requested: TA558 Targets Hospitality and Travel AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm |
| 2022-08-17
⋅
⋅
360
⋅
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East SpyNote Loda Nanocore RAT NjRAT |
| 2022-07-13
⋅
Cisco
⋅
Transparent Tribe begins targeting education sector in latest campaign Crimson RAT Oblique RAT |
| 2022-06-21
⋅
Cisco Talos
⋅
Avos ransomware group expands with new attack arsenal AvosLocker Cobalt Strike DarkComet MimiKatz |
| 2022-05-12
⋅
Morphisec
⋅
New SYK Crypter Distributed Via Discord AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer |
| 2022-05-11
⋅
K7 Security
⋅
Transparent Tribe Targets Educational Institution Crimson RAT |
| 2022-05-09
⋅
Blackberry
⋅
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains DCRat NjRAT |
| 2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
| 2022-04-26
⋅
Trend Micro
⋅
How Cybercriminals Abuse Cloud Tunneling Services AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
| 2022-03-29
⋅
Bleeping Computer
⋅
Hackers use modified MFA tool against Indian govt employees Crimson RAT Oblique RAT |
| 2022-03-29
⋅
Cisco Talos
⋅
Transparent Tribe campaign uses new bespoke malware to target Indian government officials Crimson RAT |
| 2022-03-23
⋅
⋅
EcuCert
⋅
APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador NjRAT APT-C-36 |
| 2022-03-10
⋅
Twitter (@Katechondic)
⋅
Tweet on additional computer names "desktop-g1i8n3f" & "desktop-j6llo2k", seen with Crimson RAT C2 infrastructure used by APT36 Crimson RAT |
| 2022-03-10
⋅
Twitter (@teamcymru_S2)
⋅
Tweet on Crimson RAT infrastructure used by APT36 Crimson RAT |
| 2022-03-09
⋅
Lab52
⋅
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation NjRAT |
| 2022-02-11
⋅
Cisco Talos
⋅
Threat Roundup for February 4 to February 11 DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus |
| 2022-02-09
⋅
SentinelOne
⋅
Modified Elephant APT and a Decade of Fabricating Evidence DarkComet Incubator NetWire RC |
| 2022-02-09
⋅
Sentinel LABS
⋅
ModifiedElephant APT and a Decade of Fabricating Evidence DarkComet Incubator NetWire RC ModifiedElephant |
| 2022-02-08
⋅
Intel 471
⋅
PrivateLoader: The first step in many malware schemes Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar |
| 2022-02-03
⋅
forensicitguy
⋅
njRAT Installed from a MSI NjRAT |
| 2022-01-24
⋅
Trend Micro
⋅
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal CapraRAT Crimson RAT Oblique RAT Operation C-Major |
| 2022-01-24
⋅
Trend Micro
⋅
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal Crimson RAT Oblique RAT |
| 2022-01-24
⋅
Trend Micro
⋅
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs) Crimson RAT Oblique RAT |
| 2022-01-12
⋅
Cyber And Ramen blog
⋅
Analysis of njRAT PowerPoint Macros NjRAT |
| 2021-12-22
⋅
Know Chuangyu
⋅
APT Tracking Analytics: Transparent Tribe Attack Activity Crimson RAT |
| 2021-11-30
⋅
CYBER GEEKS All Things Infosec
⋅
Just another analysis of the njRAT malware – A step-by-step approach NjRAT |
| 2021-11-29
⋅
Trend Micro
⋅
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos |
| 2021-11-18
⋅
Red Canary
⋅
Intelligence Insights: November 2021 Andromeda Conti LockBit QakBot Squirrelwaffle |
| 2021-11-11
⋅
Microsoft
⋅
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks AsyncRAT Mekotio NjRAT |
| 2021-11-10
⋅
⋅
AhnLab
⋅
Analysis Report of Lazarus Group’s NukeSped Malware DarkComet Tiger RAT |
| 2021-10-26
⋅
Kaspersky
⋅
APT attacks on industrial organizations in H1 2021 8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy |
| 2021-10-15
⋅
ESET Research
⋅
Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims AsyncRAT NjRAT |
| 2021-10-13
⋅
Anchored Narratives on Threat Intelligence and Geopolitics
⋅
Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor. Crimson RAT |
| 2021-09-20
⋅
Trend Micro
⋅
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT |
| 2021-09-16
⋅
Cisco
⋅
Operation Layover: How we tracked an attack on the aviation industry to five years of compromise AsyncRAT Houdini NjRAT |
| 2021-09-13
⋅
Trend Micro
⋅
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
| 2021-09-13
⋅
Trend Micro
⋅
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs) AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos |
| 2021-09-08
⋅
⋅
Microstep Intelligence Bureau
⋅
Trilateral operation: years of cyberespionage against countries in south asia and the middle east (APT36) AndroRAT Crimson RAT |
| 2021-09-01
⋅
⋅
360 Threat Intelligence Center
⋅
APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert Crimson RAT NetWire RC |
| 2021-08-19
⋅
Talos
⋅
Malicious Campaign Targets Latin America: The seller, The operator and a curious link AsyncRAT NjRAT |
| 2021-07-30
⋅
Menlo Security
⋅
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign AsyncRAT NjRAT |
| 2021-07-12
⋅
IBM
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-07-12
⋅
Cipher Tech Solutions
⋅
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation 404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos |
| 2021-07-09
⋅
Seqrite
⋅
Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs NjRAT ReverseRAT |
| 2021-07-07
⋅
Talos
⋅
InSideCopy: How this APT continues to evolve its arsenal AllaKore Lilith NjRAT |
| 2021-07-07
⋅
Talos
⋅
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs) AllaKore Lilith NjRAT |
| 2021-07-07
⋅
Talos
⋅
InSideCopy: How this APT continues to evolve its arsenal (IOCs) AllaKore Lilith NjRAT |
| 2021-07-07
⋅
Talos Intelligence
⋅
InSideCopy: How this APT continues to evolve its arsenal AllaKore NjRAT SideCopy |
| 2021-07-02
⋅
Team Cymru
⋅
Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure Crimson RAT |
| 2021-07-02
⋅
Cisco
⋅
InSideCopy: How this APT continues to evolve its arsenal AllaKore CetaRAT Lilith NjRAT ReverseRAT |
| 2021-05-13
⋅
Talos
⋅
Transparent Tribe APT expands its Windows malware arsenal Crimson RAT Oblique RAT |
| 2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
| 2021-04-30
⋅
Cybleinc
⋅
Transparent Tribe Operating with a New Variant of Crimson RAT Crimson RAT |
| 2021-04-27
⋅
Kaspersky
⋅
APT trends report Q1 2021 PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster |
| 2021-04-21
⋅
Facebook
⋅
Taking Action Against Hackers in Palestine SpyNote Houdini NjRAT |
| 2021-04-20
⋅
⋅
360 Threat Intelligence Center
⋅
Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry Crimson RAT |
| 2021-04-16
⋅
Team Cymru
⋅
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021 Crimson RAT |
| 2021-03-31
⋅
Red Canary
⋅
2021 Threat Detection Report Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot |
| 2021-03-22
⋅
K7 Security
⋅
MalSpam Campaigns Download njRAT from Paste Sites NjRAT |
| 2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-25
⋅
Intezer
⋅
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
| 2021-01-18
⋅
Twitter (@teamcymru)
⋅
Tweet on APT36 CrimsonRAT C2 Crimson RAT |
| 2021-01-11
⋅
ESET Research
⋅
Operation Spalax: Targeted malware attacks in Colombia Agent Tesla AsyncRAT NjRAT Remcos |
| 2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021-01-05
⋅
⋅
Sangfor
⋅
Attack from Mustang Panda? My rabbit is back! NjRAT |
| 2020-12-21
⋅
Cisco Talos
⋅
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
| 2020-12-16
⋅
CrowdStrike
⋅
Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response Andromeda |
| 2020-12-10
⋅
Intel 471
⋅
No pandas, just people: The current state of China’s cybercrime underground Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT |
| 2020-12-09
⋅
Palo Alto Networks Unit 42
⋅
njRAT Spreading Through Active Pastebin Command and Control Tunnel NjRAT |
| 2020-12-01
⋅
sonatype
⋅
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted NjRAT |
| 2020-11-09
⋅
Bleeping Computer
⋅
Fake Microsoft Teams updates lead to Cobalt Strike deployment Cobalt Strike DoppelPaymer NjRAT Predator The Thief Zloader |
| 2020-11-03
⋅
Kaspersky Labs
⋅
APT trends report Q3 2020 WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti |
| 2020-10-26
⋅
⋅
360 Core Security
⋅
北非狐(APT-C-44)攻击活动揭露 Xtreme RAT Houdini NjRAT Revenge RAT |
| 2020-09-21
⋅
Trend Micro
⋅
Cybercriminals Distribute Backdoor With VPN Installer NjRAT |
| 2020-09-01
⋅
nviso
⋅
Epic Manchego – atypical maldoc delivery brings flurry of infostealers Azorult NjRAT |
| 2020-08-26
⋅
Kaspersky Labs
⋅
Transparent Tribe: Evolution analysis, part 2 AhMyth Crimson RAT Oblique RAT |
| 2020-08-25
⋅
⋅
Qianxin
⋅
南亚APT组织“透明部落”在移动端上与对手的较量 AhMyth Crimson RAT Oblique RAT |
| 2020-08-20
⋅
Kaspersky Labs
⋅
Transparent Tribe: Evolution analysis, part 1 Crimson RAT |
| 2020-08-19
⋅
⋅
AhnLab
⋅
국내 유명 웹하드를 통해 유포되는 njRAT 악성코드 NjRAT |
| 2020-08-01
⋅
⋅
TG Soft
⋅
TG Soft Cyber - Threat Report DarkComet Darktrack RAT Emotet ISFB |
| 2020-07-30
⋅
Spamhaus
⋅
Spamhaus Botnet Threat Update Q2 2020 AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader |
| 2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
| 2020-07-17
⋅
CERT-FR
⋅
The Malware Dridex: Origins and Uses Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus |
| 2020-07-08
⋅
Seqrite
⋅
Operation ‘Honey Trap’: APT36 Targets Defense Organizations in India Crimson RAT |
| 2020-06-22
⋅
njRat Malware Analysis NjRAT |
| 2020-05-14
⋅
SophosLabs
⋅
RATicate: an attacker’s waves of information-stealing malware Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos |
| 2020-03-15
⋅
The Shadowserver Foundation
⋅
Has The Sun Set On The Necurs Botnet? Andromeda Cutwail Kelihos Necurs Pushdo |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-02-21
⋅
Yoroi
⋅
Transparent Tribe: Four Years Later Crimson RAT |
| 2020-01-31
⋅
ReversingLabs
⋅
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT |
| 2020-01-26
⋅
Dark Matter: Uncovering the DarkComet RAT Ecosystem DarkComet |
| 2020-01-01
⋅
Secureworks
⋅
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
| 2020-01-01
⋅
Dragos
⋅
Threat Intelligence and the Limits of Malware Analysis Exaramel Exaramel Industroyer Lookback NjRAT PlugX |
| 2020-01-01
⋅
Secureworks
⋅
COPPER FIELDSTONE Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major |
| 2019-12-24
⋅
Github (itsKindred)
⋅
Bashar Bachir Infection Chain Analysis NjRAT |
| 2019-09-26
⋅
Proofpoint
⋅
New WhiteShadow downloader uses Microsoft SQL to retrieve malware WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos |
| 2019-09-23
⋅
MITRE
⋅
APT41 Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
| 2019-08-30
⋅
Github (threatland)
⋅
njRAT builders NjRAT |
| 2019-08-01
⋅
Kaspersky Labs
⋅
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
| 2019-03-25
⋅
⋅
360 Core Security
⋅
Patting the Bear (APT-C-37): Exposure of Continued Attacks Against an Armed Organization Houdini NjRAT |
| 2019-03-05
⋅
⋅
Tencent
⋅
TransparentTribe APT organizes 2019 attacks on Indian government and military targets Crimson RAT Unidentified 066 Operation C-Major |
| 2018-08-02
⋅
Palo Alto Networks Unit 42
⋅
The Gorgon Group: Slithering Between Nation State and Cybercrime Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT |
| 2018-07-23
⋅
⋅
360 Threat Intelligence
⋅
Golden Rat Organization-targeted attack in Syria NjRAT APT-C-27 |
| 2018-07-05
⋅
National Critical Information Infrastructure Protection Centre
⋅
NCIIPC Newsletter July 2018 Operation C-Major |
| 2018-07-01
⋅
‘LuminosityLink RAT’ Author Pleads Guilty Luminosity RAT |
| 2018-05-18
⋅
CrowdStrike
⋅
Meet CrowdStrike’s Adversary of the Month for May: MYTHIC LEOPARD Operation C-Major |
| 2018-05-18
⋅
Lookout
⋅
Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military & government officials Stealth Mango Stealth Mango and Tangelo |
| 2018-05-15
⋅
Amnesty International
⋅
HUMAN RIGHTS UNDER SURVEILLANCE DIGITAL THREATS AGAINST HUMAN RIGHTS DEFENDERS IN PAKISTAN StealthAgent Crimson RAT |
| 2018-05-15
⋅
Amnesty International
⋅
PAKISTAN: HUMAN RIGHTS UNDER SURVEILLANCE Operation C-Major |
| 2018-05-14
⋅
Lookout
⋅
Stealth Mango & Tangelo Technical Report Stealth Mango |
| 2018-05-01
⋅
FireEye
⋅
M-Trends May 2018: From the field Operation C-Major |
| 2018-02-08
⋅
Virus Bulletin
⋅
A review of the evolution of Andromeda over the years before we say goodbye Andromeda |
| 2018-02-07
⋅
Palo Alto Networks Unit 42
⋅
RAT Trapped? LuminosityLink Falls Foul of Vermin Eradication Efforts Luminosity RAT |
| 2018-01-01
⋅
FireEye
⋅
APT38 Bitsran BLINDTOAD BOOTWRECK Contopee DarkComet DYEPACK HOTWAX NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group |
| 2017-12-04
⋅
Microsoft
⋅
Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda) Andromeda |
| 2017-12-04
⋅
Europol
⋅
Andromeda botnet dismantled in international cyber operation Andromeda |
| 2017-03-13
⋅
Morphisec
⋅
Moving Target Defense Blog Andromeda |
| 2017-01-18
⋅
Cisco
⋅
Finding the RAT’s Nest Luminosity RAT |
| 2016-11-30
⋅
Fortinet
⋅
Bladabindi Remains A Constant Threat By Using Dynamic DNS Services NjRAT |
| 2016-10-26
⋅
Unknown
⋅
Moonlight – Targeted attacks in the Middle East Houdini NjRAT Molerats |
| 2016-07-30
⋅
MalwareNailed
⋅
Luminosity RAT - Re-purposed Luminosity RAT |
| 2016-07-08
⋅
Palo Alto Networks Unit 42
⋅
Investigating the LuminosityLink Remote Access Trojan Configuration Luminosity RAT |
| 2016-06-03
⋅
FireEye
⋅
APT Group Sends Spear Phishing Emails to Indian Government Officials BreachRAT DarkComet Operation C-Major |
| 2016-04-06
⋅
Avast
⋅
Andromeda under the microscope Andromeda |
| 2016-03-25
⋅
Palo Alto Networks Unit 42
⋅
ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe Bozok Operation C-Major |
| 2016-03-01
⋅
Proofpoint
⋅
Operation Transparent Tribe Andromeda beendoor Bezigate Crimson RAT Luminosity RAT Operation C-Major |
| 2016-03-01
⋅
Trend Micro
⋅
Operation C-Major: Information Theft Campaign Targets Military Personnel in India Operation C-Major |
| 2016-01-01
⋅
Cysinfo
⋅
CYBER ATTACK IMPERSONATING IDENTITY OF INDIAN THINK TANK TO TARGET CENTRAL BUREAU OF INVESTIGATION (CBI) AND POSSIBLY INDIAN ARMY OFFICIALS Operation C-Major |
| 2015-09-29
⋅
InfoSec Institute
⋅
Andromeda Bot Analysis part 1 Andromeda |
| 2015-09-29
⋅
InfoSec Institute
⋅
Andromeda Bot Analysis part 2 Andromeda |
| 2015-06-25
⋅
Proofpoint
⋅
Sundown EK Spreads LuminosityLink RAT: Light After Dark Luminosity RAT |
| 2015-04-17
⋅
Eternal Todo
⋅
Andromeda/Gamarue bot loves JSON too (new versions details) Andromeda |
| 2015-04-15
⋅
Knowledge Fragment: Bruteforcing Andromeda Configuration Buffers Andromeda |
| 2015-01-22
⋅
Trend Micro
⋅
New RATs Emerge from Leaked Njw0rm Source Code NjRAT |
| 2013-10-31
⋅
FireEye
⋅
Know Your Enemy: Tracking A Rapidly Evolving APT Actor Bozok Poison Ivy TEMPER PANDA |
| 2013-09-01
⋅
Eternal Todo
⋅
Yet another Andromeda / Gamarue analysis Andromeda |
| 2013-08-01
⋅
Virus Bulletin
⋅
Andromeda 2.7 features Andromeda |
| 2013-03-30
⋅
0xEBFE Blog about life
⋅
Fooled by Andromeda Andromeda |
| 2012-10-05
⋅
Malwarebytes
⋅
Dark Comet 2: Electric Boogaloo DarkComet |
| 2012-06-21
⋅
Contagio Dump
⋅
RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army BlackShades DarkComet Terminator RAT |
| 2012-06-09
⋅
Malwarebytes
⋅
You dirty RAT! Part 1: DarkComet DarkComet |