CastleRAT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.castle_rat (Back to overview)

CastleRAT

According to Recorded Future, CastleRAT's core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell.

References

2025-09-04 ⋅ Recorded Future ⋅ Insikt Group
From CastleLoader to CastleRAT: TAG-150 Advances Operations with Multi-Tiered Infrastructure
CastleRAT

There is no Yara-Signature yet.

CastleRAT Propose Change

References

CastleRAT