FoalShell (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.foalshell (Back to overview)

FoalShell

Actor(s): YoroTrooper

According to BI.ZONE, FoalShell is a simple reverse shell used by Cavalry Werewolf, written in Go, C++, and C#. FoalShell allows attackers to execute arbitrary commands in the cmd.exe command line interpreter on a compromised host.

References

2025-10-02 ⋅ Medium BI.ZONE ⋅ BI.ZONE
Cavalry Werewolf raids Russia’s public sector with trusted relationship attacks
FoalShell StallionRAT YoroTrooper

There is no Yara-Signature yet.

FoalShell Propose Change

References

FoalShell