SYMBOLCOMMON_NAMEaka. SYNONYMS

Operation C-Major  (Back to overview)

aka: APT 36, APT36, C-Major, COPPER FIELDSTONE, Earth Karkaddan, Green Havildar, Mythic Leopard, ProjectM, TMP.Lapis, Transparent Tribe

Group targeting Indian Army or related assets in India, as well as activists and civil society in Pakistan. Attribution to a Pakistani connection has been made by TrendMicro and others.


Associated Families
apk.capra_rat apk.stealthmango win.andromeda win.beendoor win.bezigate win.bozok win.breach_rat win.crimson win.darkcomet win.eliza_rat win.limepad win.luminosity_rat win.njrat win.peppy_rat win.unidentified_066

References
2024-05-14Check Point ResearchAntonis Terefos, Tera0017
Foxit PDF “Flawed Design” Exploitation
Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm
2024-04-24SeqriteSathwik Ram Prakki
Pakistani APTs Escalate Attacks on Indian Gov. Seqrite Labs Unveils Threats and Connections
AllaKore Crimson RAT
2024-03-19Medium b.magnezi0xMrMagnezi
Malware Analysis NjRat
NjRAT
2024-01-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver
2023-11-22Twitter (@embee_research)Embee_research
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos
2023-11-21Medium infoSec Write-upsJustAnother-Engineer
Unmasking NJRat: A Deep Dive into a Notorious Remote Access Trojan Part1
NjRAT
2023-10-21Infosec WriteupsOsama Ellahi
Malware analysis NJ RAT 0.7NC & 0.6.4
NjRAT
2023-10-12Cluster25Cluster25 Threat Intel Team
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Agent Tesla Crimson RAT Nanocore RAT SmokeLoader
2023-10-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2023
FluBot AsyncRAT Ave Maria Cobalt Strike DCRat Havoc IcedID ISFB Nanocore RAT NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Stealc Tofsee Vidar
2023-09-18SentinelOneAlex Delamotte
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
CapraRAT Operation C-Major
2023-09-12ZscalerSudeep Singh
A peek into APT36’s updated arsenal
ElizaRAT
2023-07-11SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee
2023-05-02SeqriteSathwik Ram Prakki
Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions
Crimson RAT
2023-04-24Kaspersky LabsIvan Kwiatkowski, Pierre Delcher
Tomiris called, they want their Turla malware back
KopiLuwak Andromeda Ave Maria GoldMax JLORAT Kazuar Meterpreter QUIETCANARY RATel Roopy Telemiris tomiris Topinambour Tomiris
2023-04-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q1 2023
FluBot Amadey AsyncRAT Aurora Ave Maria BumbleBee Cobalt Strike DCRat Emotet IcedID ISFB NjRAT QakBot RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee Vidar
2023-04-10Check PointCheck Point
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee
2023-03-15Lab52Lab52
APT-C-36: from NjRAT to LimeRAT
AsyncRAT NjRAT
2023-03-07ESET ResearchLukáš Štefanko
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
CapraRAT
2023-02-23BitdefenderBitdefender Team, Martin Zugec
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
Cobalt Strike DarkComet QuiteRAT RATel
2023-01-24TrellixDaksh Kapur, John Fokker, Robert Venal, Tomer Shloman
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-17Trend MicroAliakbar Zahravi, Peter Girnus
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
NjRAT
2023-01-05MandiantEduardo Mattos, Gabby Roncone, John Wolfram, Sarah Hawley, Tyler McLellan
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY
2022-12-24di.sclosu.redi.sclosu.re
njRAT malware spreading through Discord CDN and Facebook Ads
NjRAT
2022-11-03ZscalerSudeep Singh
APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
LimePad
2022-10-13SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q3 2022
FluBot Arkei Stealer AsyncRAT Ave Maria BumbleBee Cobalt Strike DCRat Dridex Emotet Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT QakBot RecordBreaker RedLine Stealer Remcos Socelars Tofsee Vjw0rm
2022-08-18ProofpointJoe Wise, Proofpoint Threat Research Team, Selena Larson
Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm
2022-08-17360360 Threat Intelligence Center
Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East
SpyNote Loda Nanocore RAT NjRAT
2022-07-13CiscoNick Biasini
Transparent Tribe begins targeting education sector in latest campaign
Crimson RAT Oblique RAT
2022-06-21Cisco TalosChris Neal, Flavio Costa, Guilherme Venere
Avos ransomware group expands with new attack arsenal
AvosLocker Cobalt Strike DarkComet MimiKatz
2022-05-12MorphisecHido Cohen
New SYK Crypter Distributed Via Discord
AsyncRAT Ave Maria Nanocore RAT NjRAT Quasar RAT RedLine Stealer
2022-05-11K7 SecuritySaikumaravel
Transparent Tribe Targets Educational Institution
Crimson RAT
2022-05-09BlackberryThe BlackBerry Research & Intelligence Team
Dirty Deeds Done Dirt Cheap: Russian RAT Offers Backdoor Bargains
DCRat NjRAT
2022-04-27ANSSIANSSI
LE GROUPE CYBERCRIMINEL FIN7
Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot
2022-04-26Trend MicroLord Alfred Remorin, Ryan Flores, Stephen Hilt
How Cybercriminals Abuse Cloud Tunneling Services
AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT
2022-03-29Bleeping ComputerBill Toulas
Hackers use modified MFA tool against Indian govt employees
Crimson RAT Oblique RAT
2022-03-29Cisco TalosAsheer Malhotra, Justin Thattil, Kendall McKay
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
Crimson RAT
2022-03-23EcuCertEcuCert
APT-C-36 Advanced Persistent Threat Campaign Could be present in Ecuador
NjRAT APT-C-36
2022-03-10Twitter (@Katechondic)Katechondic
Tweet on additional computer names "desktop-g1i8n3f" & "desktop-j6llo2k", seen with Crimson RAT C2 infrastructure used by APT36
Crimson RAT
2022-03-10Twitter (@teamcymru_S2)Team Cymru
Tweet on Crimson RAT infrastructure used by APT36
Crimson RAT
2022-03-09Lab52Lab52
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation
NjRAT
2022-02-11Cisco TalosTalos
Threat Roundup for February 4 to February 11
DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus
2022-02-09SentinelOneJuan Andrés Guerrero-Saade, Tom Hegel
Modified Elephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC
2022-02-09Sentinel LABSTom Hegel
ModifiedElephant APT and a Decade of Fabricating Evidence
DarkComet Incubator NetWire RC ModifiedElephant
2022-02-08Intel 471Intel 471
PrivateLoader: The first step in many malware schemes
Dridex Kronos LockBit Nanocore RAT NjRAT PrivateLoader Quasar RAT RedLine Stealer Remcos SmokeLoader STOP Tofsee TrickBot Vidar
2022-02-03forensicitguyTony Lambert
njRAT Installed from a MSI
NjRAT
2022-01-24Trend MicroTrend Micro
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
CapraRAT Crimson RAT Oblique RAT Operation C-Major
2022-01-24Trend MicroTrend Micro
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal
Crimson RAT Oblique RAT
2022-01-24Trend MicroTrend Micro
Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal (IOCs)
Crimson RAT Oblique RAT
2022-01-12Cyber And Ramen blogMike R
Analysis of njRAT PowerPoint Macros
NjRAT
2021-12-22Know ChuangyuKnow Chuangyu
APT Tracking Analytics: Transparent Tribe Attack Activity
Crimson RAT
2021-11-30CYBER GEEKS All Things InfosecCyberMasterV
Just another analysis of the njRAT malware – A step-by-step approach
NjRAT
2021-11-29Trend MicroJaromír Hořejší
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites
AsyncRAT Azorult Nanocore RAT NjRAT RedLine Stealer Remcos
2021-11-18Red CanaryThe Red Canary Team
Intelligence Insights: November 2021
Andromeda Conti LockBit QakBot Squirrelwaffle
2021-11-11MicrosoftMicrosoft 365 Defender Threat Intelligence Team
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
AsyncRAT Mekotio NjRAT
2021-11-10AhnLabASEC Analysis Team
Analysis Report of Lazarus Group’s NukeSped Malware
DarkComet Tiger RAT
2021-10-26KasperskyKaspersky Lab ICS CERT
APT attacks on industrial organizations in H1 2021
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy
2021-10-15ESET ResearchESET Research
Tweet on a malicious campaign targeting governmental and education entities in Colombia using multiple stages to drop AsyncRAT or njRAT Keylogger on their victims
AsyncRAT NjRAT
2021-10-13Anchored Narratives on Threat Intelligence and GeopoliticsRJM
Trouble in Asia and the Middle East. Tracking the TransparentTribe threat actor.
Crimson RAT
2021-09-20Trend MicroAliakbar Zahravi, William Gamazo Sanchez
Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads
Ave Maria BitRAT LimeRAT Nanocore RAT NjRAT Quasar RAT
2021-09-16CiscoTiago Pereira, Vitor Ventura
Operation Layover: How we tracked an attack on the aviation industry to five years of compromise
AsyncRAT Houdini NjRAT
2021-09-13Trend MicroDaniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos
2021-09-13Trend MicroDaniel Lunghi, Jaromír Hořejší
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (IOCs)
AsyncRAT Ave Maria BitRAT Imminent Monitor RAT LimeRAT NjRAT Remcos
2021-09-08Microstep Intelligence BureauMicrostep Online Research Response Center
Trilateral operation: years of cyberespionage against countries in south asia and the middle east (APT36)
AndroRAT Crimson RAT
2021-09-01360 Threat Intelligence CenterAdvanced Threat Institute
APT-C-56 (Transparent Tribe) Latest Attack Analysis and Associated Suspected Gorgon Group Attack Analysis Alert
Crimson RAT NetWire RC
2021-08-19TalosAsheer Malhotra, Vanja Svajcer, Vitor Ventura
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
AsyncRAT NjRAT
2021-07-30Menlo SecurityMENLO Security
ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign
AsyncRAT NjRAT
2021-07-12IBMClaire Zaboeva, Dan Dash, Melissa Frydrych
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-12Cipher Tech SolutionsClaire Zaboeva, Dan Dash, Melissa Frydrych
RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation
404 Keylogger Agent Tesla AsyncRAT Ave Maria Azorult BitRAT Formbook HawkEye Keylogger Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Quasar RAT RedLine Stealer Remcos
2021-07-09SeqriteChaitanya Haritash, Nihar Deshpande, Shayak Tarafdar
Seqrite uncovers second wave of Operation SideCopy targeting Indian critical infrastructure PSUs
NjRAT ReverseRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)
AllaKore Lilith NjRAT
2021-07-07TalosAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal (IOCs)
AllaKore Lilith NjRAT
2021-07-07Talos IntelligenceAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore NjRAT SideCopy
2021-07-02Team CymruJoshua Picolet
Transparent Tribe APT Infrastructure Mapping Part 2: A Deeper Dive into the Identification of CrimsonRAT Infrastructure
Crimson RAT
2021-07-02CiscoAsheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
AllaKore CetaRAT Lilith NjRAT ReverseRAT
2021-05-13TalosAsheer Malhotra, Justin Thattil, Kendall McKay
Transparent Tribe APT expands its Windows malware arsenal
Crimson RAT Oblique RAT
2021-05-05ZscalerAniruddha Dolas, Manohar Ghule, Mohd Sadique
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats
Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos
2021-04-30Cybleinccybleinc
Transparent Tribe Operating with a New Variant of Crimson RAT
Crimson RAT
2021-04-27KasperskyGReAT
APT trends report Q1 2021
PAS Artra Downloader BadNews Bozok DILLJUICE Kazuar Quasar RAT SodaMaster
2021-04-21FacebookDavid Agranovich, Mike Dvilyanski
Taking Action Against Hackers in Palestine
SpyNote Houdini NjRAT
2021-04-20360 Threat Intelligence CenterAdvanced Threat Institute
Transparent Tribe uses the new crown vaccine hotspot to analyze the targeted attacks on the Indian medical industry
Crimson RAT
2021-04-16Team CymruJoshua Picolet
Transparent Tribe APT Infrastructure Mapping Part 1: A High-Level Study of CrimsonRAT Infrastructure October 2020 – March 2021
Crimson RAT
2021-03-31Red CanaryRed Canary
2021 Threat Detection Report
Shlayer Andromeda Cobalt Strike Dridex Emotet IcedID MimiKatz QakBot TrickBot
2021-03-22K7 SecurityMary Muthu Francisca
MalSpam Campaigns Download njRAT from Paste Sites
NjRAT
2021-03-21BlackberryBlackberry Research
2021 Threat Report
Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2021-02-25IntezerIntezer
Year of the Gopher A 2020 Go Malware Round-Up
NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy
2021-01-18Twitter (@teamcymru)Team Cymru
Tweet on APT36 CrimsonRAT C2
Crimson RAT
2021-01-11ESET ResearchMatías Porolli
Operation Spalax: Targeted malware attacks in Colombia
Agent Tesla AsyncRAT NjRAT Remcos
2021-01-09Marco Ramilli's BlogMarco Ramilli
Command and Control Traffic Patterns
ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot
2021-01-05SangforClairvoyance Safety Laboratory
Attack from Mustang Panda? My rabbit is back!
NjRAT
2020-12-21Cisco TalosJON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader
2020-12-16CrowdStrikeDavid Rojas, Mark Robinson
Hiding in Plain Sight: Remediating “Hidden” Malware with Real Time Response
Andromeda
2020-12-10Intel 471Intel 471
No pandas, just people: The current state of China’s cybercrime underground
Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT
2020-12-09Palo Alto Networks Unit 42Chris Navarrete, Haozhe Zhang, Yanhui Jia
njRAT Spreading Through Active Pastebin Command and Control Tunnel
NjRAT
2020-12-01sonatypeAx Sharma
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
NjRAT
2020-11-09Bleeping ComputerIonut Ilascu
Fake Microsoft Teams updates lead to Cobalt Strike deployment
Cobalt Strike DoppelPaymer NjRAT Predator The Thief Zloader
2020-11-03Kaspersky LabsGReAT
APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti
2020-10-26360 Core Security360
北非狐(APT-C-44)攻击活动揭露
Xtreme RAT Houdini NjRAT Revenge RAT
2020-09-21Trend MicroRaphael Centeno
Cybercriminals Distribute Backdoor With VPN Installer
NjRAT
2020-09-01nvisoBart Parys, Didier Stevens, Dries Boone, Maxime Thiebaut, Michel Coene
Epic Manchego – atypical maldoc delivery brings flurry of infostealers
Azorult NjRAT
2020-08-26Kaspersky LabsGiampaolo Dedola
Transparent Tribe: Evolution analysis, part 2
AhMyth Crimson RAT Oblique RAT
2020-08-25QianxinQi'anxin Threat Intelligence
南亚APT组织“透明部落”在移动端上与对手的较量
AhMyth Crimson RAT Oblique RAT
2020-08-20Kaspersky LabsGiampaolo Dedola
Transparent Tribe: Evolution analysis, part 1
Crimson RAT
2020-08-19AhnLabAhnLab ASEC 분석팀
국내 유명 웹하드를 통해 유포되는 njRAT 악성코드
NjRAT
2020-08-01TG SoftTG Soft
TG Soft Cyber - Threat Report
DarkComet Darktrack RAT Emotet ISFB
2020-07-30SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2020
AdWind Agent Tesla Arkei Stealer AsyncRAT Ave Maria Azorult DanaBot Emotet IcedID ISFB KPOT Stealer Loki Password Stealer (PWS) Nanocore RAT NetWire RC NjRAT Pony Raccoon RedLine Stealer Remcos Zloader
2020-07-29ESET Researchwelivesecurity
THREAT REPORT Q2 2020
DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor
2020-07-17CERT-FRCERT-FR
The Malware Dridex: Origins and Uses
Andromeda CryptoLocker Cutwail DoppelPaymer Dridex Emotet FriedEx Gameover P2P Gandcrab ISFB Murofet Necurs Predator The Thief Zeus
2020-07-08SeqriteKalpesh Mantri
Operation ‘Honey Trap’: APT36 Targets Defense Organizations in India
Crimson RAT
2020-06-22Anurag
njRat Malware Analysis
NjRAT
2020-05-14SophosLabsMarkel Picado
RATicate: an attacker’s waves of information-stealing malware
Agent Tesla BetaBot BlackRemote Formbook Loki Password Stealer (PWS) NetWire RC NjRAT Remcos
2020-03-15The Shadowserver FoundationShadowserver Foundation
Has The Sun Set On The Necurs Botnet?
Andromeda Cutwail Kelihos Necurs Pushdo
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-02-21YoroiAntonio Pirozzi, Luigi Martire, Pietro Melillo
Transparent Tribe: Four Years Later
Crimson RAT
2020-01-31ReversingLabsRobert Simmons
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site
CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT
2020-01-26Brown Farinholt, Damon McCoy, Kirill Levchenko, Mohammad Rezaeirad
Dark Matter: Uncovering the DarkComet RAT Ecosystem
DarkComet
2020-01-01SecureworksSecureWorks
ALUMINUM SARATOGA
BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats
2020-01-01DragosJoe Slowik
Threat Intelligence and the Limits of Malware Analysis
Exaramel Exaramel Industroyer Lookback NjRAT PlugX
2020-01-01SecureworksSecureWorks
COPPER FIELDSTONE
Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major
2019-12-24Github (itsKindred)Derek Kleinhen
Bashar Bachir Infection Chain Analysis
NjRAT
2019-09-26ProofpointBryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team
New WhiteShadow downloader uses Microsoft SQL to retrieve malware
WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos
2019-09-23MITREMITRE ATT&CK
APT41
Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41
2019-08-30Github (threatland)ThreatLand
njRAT builders
NjRAT
2019-08-01Kaspersky LabsGReAT
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
2019-03-27SymantecSecurity Response Attack Investigation Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33
2019-03-27SymantecCritical Attack Discovery and Intelligence Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33
2019-03-25360 Core Securityzhanghao-ms
Patting the Bear (APT-C-37): Exposure of Continued Attacks Against an Armed Organization
Houdini NjRAT
2019-03-05TencentTencent
TransparentTribe APT organizes 2019 attacks on Indian government and military targets
Crimson RAT Unidentified 066 Operation C-Major
2018-08-02Palo Alto Networks Unit 42David Fuertes, Josh Grunzweig, Kyle Wilhoit, Robert Falcone
The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT
2018-07-23360 Threat IntelligenceQi Anxin Threat Intelligence Center
Golden Rat Organization-targeted attack in Syria
NjRAT APT-C-27
2018-07-05National Critical Information Infrastructure Protection CentreNational Critical Information Infrastructure Protection Centre
NCIIPC Newsletter July 2018
Operation C-Major
2018-07-01Brian Krebs
‘LuminosityLink RAT’ Author Pleads Guilty
Luminosity RAT
2018-05-18CrowdStrikeAdam Meyers
Meet CrowdStrike’s Adversary of the Month for May: MYTHIC LEOPARD
Operation C-Major
2018-05-18LookoutAndrew Blaich, Michael Flossman
Stealth Mango and Tangelo: Nation state mobile surveillanceware stealing data from military & government officials
Stealth Mango Stealth Mango and Tangelo
2018-05-15Amnesty InternationalBrave
HUMAN RIGHTS UNDER SURVEILLANCE DIGITAL THREATS AGAINST HUMAN RIGHTS DEFENDERS IN PAKISTAN
StealthAgent Crimson RAT
2018-05-15Amnesty InternationalAmnesty International
PAKISTAN: HUMAN RIGHTS UNDER SURVEILLANCE
Operation C-Major
2018-05-14LookoutLookout
Stealth Mango & Tangelo Technical Report
Stealth Mango
2018-05-01FireEyeAnca Holban
M-Trends May 2018: From the field
Operation C-Major
2018-02-08Virus BulletinBahare Sabouri, He Xu
A review of the evolution of Andromeda over the years before we say goodbye
Andromeda
2018-02-07Palo Alto Networks Unit 42Simon Conant
RAT Trapped? LuminosityLink Falls Foul of Vermin Eradication Efforts
Luminosity RAT
2018-01-01FireEyeFireEye
APT38
Bitsran BLINDTOAD BOOTWRECK Contopee DarkComet DYEPACK HOTWAX NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group
2017-12-04MicrosoftMicrosoft Defender ATP Research Team, Microsoft Digital Crimes Unit
Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
Andromeda
2017-12-04EuropolEuropol
Andromeda botnet dismantled in international cyber operation
Andromeda
2017-03-13MorphisecRoy Moshailov
Moving Target Defense Blog
Andromeda
2017-01-18CiscoAndrea Scarfo
Finding the RAT’s Nest
Luminosity RAT
2016-11-30FortinetLilia Elena Gonzalez Medina
Bladabindi Remains A Constant Threat By Using Dynamic DNS Services
NjRAT
2016-10-26UnknownChris Doman
Moonlight – Targeted attacks in the Middle East
Houdini NjRAT Molerats
2016-07-30MalwareNailedFaisal AM Qureshi
Luminosity RAT - Re-purposed
Luminosity RAT
2016-07-08Palo Alto Networks Unit 42Josh Grunzweig
Investigating the LuminosityLink Remote Access Trojan Configuration
Luminosity RAT
2016-06-03FireEyeSudeep Singh, Yin Hong Chang
APT Group Sends Spear Phishing Emails to Indian Government Officials
BreachRAT DarkComet Operation C-Major
2016-04-06AvastThreat Intelligence Team
Andromeda under the microscope
Andromeda
2016-03-25Palo Alto Networks Unit 42Robert Falcone, Simon Conant
ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe
Bozok Operation C-Major
2016-03-01ProofpointDarien Huss
Operation Transparent Tribe
Andromeda beendoor Bezigate Crimson RAT Luminosity RAT Operation C-Major
2016-03-01Trend MicroDavid Sancho, Feike Hacquebord
Operation C-Major: Information Theft Campaign Targets Military Personnel in India
Operation C-Major
2016-01-01CysinfoMonnappa K A
CYBER ATTACK IMPERSONATING IDENTITY OF INDIAN THINK TANK TO TARGET CENTRAL BUREAU OF INVESTIGATION (CBI) AND POSSIBLY INDIAN ARMY OFFICIALS
Operation C-Major
2015-09-29InfoSec InstituteAyoub Faouzi
Andromeda Bot Analysis part 1
Andromeda
2015-09-29InfoSec InstituteAyoub Faouzi
Andromeda Bot Analysis part 2
Andromeda
2015-06-25ProofpointProofpoint Staff
Sundown EK Spreads LuminosityLink RAT: Light After Dark
Luminosity RAT
2015-04-17Eternal TodoJose Miguel Esparza
Andromeda/Gamarue bot loves JSON too (new versions details)
Andromeda
2015-04-15ByteAtlas
Knowledge Fragment: Bruteforcing Andromeda Configuration Buffers
Andromeda
2015-01-22Trend MicroMichael Marcos
New RATs Emerge from Leaked Njw0rm Source Code
NjRAT
2013-10-31FireEyeNed Moran, Thoufique Haq
Know Your Enemy: Tracking A Rapidly Evolving APT Actor
Bozok Poison Ivy TEMPER PANDA
2013-09-01Eternal TodoJose Miguel Esparza
Yet another Andromeda / Gamarue analysis
Andromeda
2013-08-01Virus BulletinSuweera De Souza
Andromeda 2.7 features
Andromeda
2013-03-300xEBFE Blog about life0xEBFE
Fooled by Andromeda
Andromeda
2012-10-05MalwarebytesAdam Kujawa
Dark Comet 2: Electric Boogaloo
DarkComet
2012-06-21Contagio DumpMila Parkour
RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army
BlackShades DarkComet Terminator RAT
2012-06-09MalwarebytesAdam Kujawa
You dirty RAT! Part 1: DarkComet
DarkComet

Credits: MISP Project