Poet RAT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

py.poet_rat (Back to overview)

Poet RAT

Cisco Talos has discovered a Python-based RAT they call Poet RAT. It is dropped from a Word document and delivered including a Python interpreter and required libraries. The name originates from references to Shakespeare. Exfiltration happens through FTP.

References

2023-03-14 ⋅ Cisco Talos ⋅ Asheer Malhotra, Vitor Ventura
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Poet RAT Loda Kasablanka YoroTrooper

2021-03-29 ⋅ Dragos ⋅ Dragos
New ICS Threat Activity Group: STIBNITE
Poet RAT

2021-02-18 ⋅ PTSecurity ⋅ PTSecurity
https://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/
Poet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader

2020-12-21 ⋅ Cisco Talos ⋅ JON MUNSHAW
2020: The year in malware
WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader

2020-11-03 ⋅ Kaspersky Labs ⋅ GReAT
APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX POISONPLUG Rover ShadowPad SoreFang Winnti

2020-10-06 ⋅ Talos ⋅ Paul Rascagnères, Vitor Ventura, Warren Mercer
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
Poet RAT

2020-09-24 ⋅ Kaspersky Labs ⋅ Kaspersky Lab ICS CERT
Threat landscape for industrial automation systems - H1 2020
Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake

2020-07-14 ⋅ Cyborg Security ⋅ Austin Jackson
PYTHON MALWARE ON THE RISE
Poet RAT PyLocky SEADADDY

2020-04-16 ⋅ Cisco Talos ⋅ Paul Rascagnères, Vitor Ventura, Warren Mercer
PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
Poet RAT

There is no Yara-Signature yet.

Poet RAT Propose Change

References

Poet RAT