| SYMBOL | COMMON_NAME | aka. SYNONYMS |
SHADOW-WATER-063 is a financially motivated threat actor attributed to the Banana RAT banking trojan, primarily targeting Brazilian financial accounts. Analysis of recovered artifacts, including a Python panel and PowerShell stagers, supports a moderate-confidence attribution assessment. The actor's infrastructure and endpoint telemetry indicate a focus on executing fraudulent transactions. Key evidentiary pillars establish their intent to exploit Brazilian financial systems.
| 2026-05-19
⋅
Trend Micro
⋅
Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud Banana RAT SHADOW-WATER-063 |