win.revenge_rat (Back to overview)

Revenge RAT

aka: Revetrat

Actor(s): The Gorgon Group

URLhaus      

There is no description at this point.

References
2020-01-31 ⋅ ReversingLabsRobert Simmons
@online{simmons:20200131:rats:d8a4021, author = {Robert Simmons}, title = {{RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site}}, date = {2020-01-31}, organization = {ReversingLabs}, url = {https://blog.reversinglabs.com/blog/rats-in-the-library}, language = {English}, urldate = {2020-02-03} } RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site
CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT
2020-01-19 ⋅ 360kate
@online{kate:20200119:bayworld:2cc2212, author = {kate}, title = {{BayWorld event, Cyber Attack Against Foreign Trade Industry}}, date = {2020-01-19}, organization = {360}, url = {https://blog.360totalsecurity.com/en/bayworld-event-cyber-attack-against-foreign-trade-industry/}, language = {English}, urldate = {2020-02-03} } BayWorld event, Cyber Attack Against Foreign Trade Industry
Azorult Formbook Nanocore RAT Revenge RAT
2019-11-28 ⋅ Kaspersky LabsGReAT
@online{great:20191128:revengehotels:4fd8ea9, author = {GReAT}, title = {{RevengeHotels: cybercrime targeting hotel front desks worldwide}}, date = {2019-11-28}, organization = {Kaspersky Labs}, url = {https://securelist.com/revengehotels/95229/}, language = {English}, urldate = {2020-01-09} } RevengeHotels: cybercrime targeting hotel front desks worldwide
Revenge RAT
2019-11-11 ⋅ Binary DefenseBinary Defense
@online{defense:20191111:revenge:114921b, author = {Binary Defense}, title = {{Revenge Is A Dish Best Served… Obfuscated?}}, date = {2019-11-11}, organization = {Binary Defense}, url = {https://www.binarydefense.com/revenge-is-a-dish-best-served-obfuscated}, language = {English}, urldate = {2020-01-09} } Revenge Is A Dish Best Served… Obfuscated?
Houdini Revenge RAT
2019-09-19 ⋅ NSHCThreatRecon Team
@online{team:20190919:hagga:066e932, author = {ThreatRecon Team}, title = {{Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore}}, date = {2019-09-19}, organization = {NSHC}, url = {https://threatrecon.nshc.net/2019/09/19/sectorh01-continues-abusing-web-services/}, language = {English}, urldate = {2020-01-08} } Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
Nanocore RAT Revenge RAT
2018-08-02 ⋅ Palo Alto Networks Unit 42Robert Falcone, David Fuertes, Josh Grunzweig, Kyle Wilhoit
@online{falcone:20180802:gorgon:06112b1, author = {Robert Falcone and David Fuertes and Josh Grunzweig and Kyle Wilhoit}, title = {{The Gorgon Group: Slithering Between Nation State and Cybercrime}}, date = {2018-08-02}, organization = {Palo Alto Networks Unit 42}, url = {https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/}, language = {English}, urldate = {2019-12-20} } The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT
2017-07-08 ⋅ InfoSec Handlers Diary BlogXavier Mertens
@online{mertens:20170708:vbscript:e2baa5d, author = {Xavier Mertens}, title = {{A VBScript with Obfuscated Base64 Data}}, date = {2017-07-08}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/22590}, language = {English}, urldate = {2020-01-13} } A VBScript with Obfuscated Base64 Data
Revenge RAT

There is no Yara-Signature yet.