Loki RAT (Malware Family)

Loki RAT

This RAT written in Python is an open-source fork of the Ares RAT. This malware integrates additional modules, like recording, lockscreen, and locate options. It was used in a customized form version by El Machete APT in an ongoing champaign since 2020. The original code can be found at: https://github.com/TheGeekHT/Loki.Rat/

References

2023-10-12 ⋅ YouTube (FIRST) ⋅ Aditya K. Sood
"Compromising the Keys to the Kingdom" - Exfiltrating Data to Own and Operate the Exploited Systems
Loki RAT SystemBC

2023-09-12 ⋅ FIRSTCON ⋅ Aditya K. Sood
Compromising the Keys to the Kingdom: Exfiltrating Data to Own and Operate the Exploited Systems (Slides)
Loki RAT SystemBC

2022-03-31 ⋅ Check Point Research
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage
Loki RAT El Machete APT Backdoor Dropper Lyceum .NET DNS Backdoor Lyceum .NET TCP Backdoor Lyceum Golang HTTP Backdoor

There is no Yara-Signature yet.

Loki RAT Propose Change

References

Loki RAT