SYMBOLCOMMON_NAMEaka. SYNONYMS
osx.orat (Back to overview)

oRAT


SentinelOne describes this as a malware written in Go, mixing own custom code with code from public repositories.

References
2022-05-23Trend MicroDaniel Lunghi, Jaromír Hořejší
@techreport{lunghi:20220523:operation:e3c402b, author = {Daniel Lunghi and Jaromír Hořejší}, title = {{Operation Earth Berberoka}}, date = {2022-05-23}, institution = {Trend Micro}, url = {https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-berberoka.pdf}, language = {English}, urldate = {2022-07-25} } Operation Earth Berberoka
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka
2022-05-09Dinesh Devadoss, Phil Stokes
@online{devadoss:20220509:from:d580095, author = {Dinesh Devadoss and Phil Stokes}, title = {{From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win}}, date = {2022-05-09}, url = {https://www.sentinelone.com/blog/from-the-front-lines-unsigned-macos-orat-malware-gambles-for-the-win/}, language = {English}, urldate = {2022-05-11} } From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
oRAT
2022-04-27TrendmicroDaniel Lunghi, Jaromír Hořejší
@techreport{lunghi:20220427:operation:bdba881, author = {Daniel Lunghi and Jaromír Hořejší}, title = {{Operation Gambling Puppet}}, date = {2022-04-27}, institution = {Trendmicro}, url = {https://www.botconf.eu/wp-content/uploads/2022/05/Botconf2022-40-LunghiHorejsi.pdf}, language = {English}, urldate = {2022-07-25} } Operation Gambling Puppet
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka
2022-04-27TrendmicroTrendmicro
@online{trendmicro:20220427:iocs:0e6090d, author = {Trendmicro}, title = {{IOCs for Earth Berberoka - MacOS}}, date = {2022-04-27}, organization = {Trendmicro}, url = {https://documents.trendmicro.com/assets/txt/earth-berberoka-macos-iocs-2.txt}, language = {English}, urldate = {2022-07-25} } IOCs for Earth Berberoka - MacOS
oRAT Earth Berberoka

There is no Yara-Signature yet.