SYMBOLCOMMON_NAMEaka. SYNONYMS
py.poet_rat (Back to overview)

Poet RAT


Cisco Talos has discovered a Python-based RAT they call Poet RAT. It is dropped from a Word document and delivered including a Python interpreter and required libraries. The name originates from references to Shakespeare. Exfiltration happens through FTP.

References
2020-11-03Kaspersky LabsGReAT
@online{great:20201103:trends:febc159, author = {GReAT}, title = {{APT trends report Q3 2020}}, date = {2020-11-03}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q3-2020/99204/}, language = {English}, urldate = {2020-11-04} } APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti
2020-10-06TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20201006:poetrat:17f845e, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{PoetRAT: Malware targeting public and private sector in Azerbaijan evolves}}, date = {2020-10-06}, organization = {Talos}, url = {https://blog.talosintelligence.com/2020/10/poetrat-update.html}, language = {English}, urldate = {2020-10-07} } PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
Poet RAT
2020-09-24Kaspersky LabsKaspersky Lab ICS CERT
@techreport{cert:20200924:threat:2d7986d, author = {Kaspersky Lab ICS CERT}, title = {{Threat landscape for industrial automation systems - H1 2020}}, date = {2020-09-24}, institution = {Kaspersky Labs}, url = {https://ics-cert.kaspersky.com/media/KASPERSKY_H1_2020_ICS_REPORT_EN.pdf}, language = {English}, urldate = {2020-10-04} } Threat landscape for industrial automation systems - H1 2020
Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake Ransomware
2020-04-16Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20200416:poetrat:ab5659a, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors}}, date = {2020-04-16}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html}, language = {English}, urldate = {2020-05-05} } PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
Poet RAT

There is no Yara-Signature yet.