win.allakore

AllaKore


AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. It implements the RFB protocol, which works on frame buffers, so it can send only the changes between screen frames back to the controller, speeding up transport and visualization control.

References
2023-11-06 | Seqrite | Sathwik Ram Prakki
@online{prakki:20231106:sidecopys:03c64cf, author = {Sathwik Ram Prakki}, title = {{SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT}}, date = {2023-11-06}, organization = {Seqrite}, url = {https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/}, language = {English}, urldate = {2023-11-13} }
Action RAT AllaKore
2023-04-19 | Team Cymru | S2 Research Team
@online{team:20230419:allakored:9832ba9, author = {S2 Research Team}, title = {{AllaKore(d) the SideCopy Train}}, date = {2023-04-19}, organization = {Team Cymru}, url = {https://www.team-cymru.com/post/allakore-d-the-sidecopy-train}, language = {English}, urldate = {2023-04-22} }
AllaKore
2023 | ThreatMon | ThreatMon Malware Research Team, Seyit Sigirci (@h3xecute)
@online{team:2023:anatomy:bf2e58a, author = {ThreatMon Malware Research Team and Seyit Sigirci (@h3xecute)}, title = {{The Anatomy of a Sidecopy Attack: From RAR Exploits to AllaKore RAT}}, date = {2023}, organization = {ThreatMon}, url = {https://threatmon.io/the-anatomy-of-a-sidecopy-attack-from-rar-exploits-to-allakore-rat/}, language = {English}, urldate = {2023-11-22} }
AllaKore
2021-10-26 | Kaspersky | Kaspersky Lab ICS CERT
@techreport{cert:20211026:attacks:6f30d0f, author = {Kaspersky Lab ICS CERT}, title = {{APT attacks on industrial organizations in H1 2021}}, date = {2021-10-26}, institution = {Kaspersky}, url = {https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-APT-attacks-on-industrial-organizations-in-H1-2021-En.pdf}, language = {English}, urldate = {2021-11-08} }
8.t Dropper AllaKore AsyncRAT GoldMax LimeRAT NjRAT NoxPlayer Raindrop ReverseRAT ShadowPad Zebrocy
2021-07-07 | Talos | Asheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:ac5b778, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal (Network IOCs)}}, date = {2021-07-07}, organization = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479}, language = {English}, urldate = {2021-07-09} }
AllaKore Lilith NjRAT
2021-07-07 | Talos | Asheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:e6b25bb, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal (IOCs)}}, date = {2021-07-07}, organization = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/592/original/Hashes_IOCs_for_coverage.txt}, language = {English}, urldate = {2021-07-09} }
AllaKore Lilith NjRAT
2021-07-07 | Talos Intelligence | Asheer Malhotra, Justin Thattil
@online{malhotra:20210707:insidecopy:eca169d, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-07}, organization = {Talos Intelligence}, url = {https://blog.talosintelligence.com/2021/07/sidecopy.html}, language = {English}, urldate = {2021-07-08} }
AllaKore NjRAT SideCopy
2021-07-07 | Talos | Asheer Malhotra, Justin Thattil
@techreport{malhotra:20210707:insidecopy:107d438, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-07}, institution = {Talos}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf}, language = {English}, urldate = {2021-07-09} }
AllaKore Lilith NjRAT
2021-07-02 | Cisco | Asheer Malhotra, Justin Thattil
@online{malhotra:20210702:insidecopy:c85188c, author = {Asheer Malhotra and Justin Thattil}, title = {{InSideCopy: How this APT continues to evolve its arsenal}}, date = {2021-07-02}, organization = {Cisco}, url = {https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388}, language = {English}, urldate = {2022-01-25} }
AllaKore CetaRAT Lilith NjRAT ReverseRAT
2020-09-23 | Seqrite | Kalpesh Mantri, Pawan CHaudhari, Goutam Tripathy
@techreport{mantri:20200923:operation:1bb33e6, author = {Kalpesh Mantri and Pawan CHaudhari and Goutam Tripathy}, title = {{Operation SideCopy: An insight into Transparent Tribe’s sub-division which has been incorrectly attributed for years}}, date = {2020-09-23}, institution = {Seqrite}, url = {https://www.seqrite.com/documents/en/white-papers/Seqrite-WhitePaper-Operation-SideCopy.pdf}, language = {English}, urldate = {2020-09-25} }
CACTUSTORCH AllaKore
2019-12-31 | Twitter (@_re_fox) | _re_fox
@online{refox:20191231:allakore:22a8e0a, author = {_re_fox}, title = {{Tweet on AllaKore indicators}}, date = {2019-12-31}, organization = {Twitter (@_re_fox)}, url = {https://twitter.com/_re_fox/status/1212070711206064131}, language = {English}, urldate = {2020-01-06} }
AllaKore
2019-07-08 | Medium Sebdraven | Sébastien Larinier
@online{larinier:20190708:copy:99b120f, author = {Sébastien Larinier}, title = {{Copy cat of APT Sidewinder ?}}, date = {2019-07-08}, organization = {Medium Sebdraven}, url = {https://sebdraven.medium.com/copy-cat-of-apt-sidewinder-1893059ca68d}, language = {English}, urldate = {2023-04-22} }
AllaKore SideCopy
2015-10-19 | Github (Anderson-D) | Anderson D
@online{d:20151019:github:b15ea7e, author = {Anderson D}, title = {{Github Repository for AllaKore}}, date = {2015-10-19}, organization = {Github (Anderson-D)}, url = {https://github.com/Anderson-D/AllaKore}, language = {English}, urldate = {2020-01-08} }
AllaKore

There is no Yara-Signature yet.