win.revenge_rat (Back to overview)

Revenge RAT

aka: Revetrat

Actor(s): The Gorgon Group


There is no description at this point.

References
2021-05-20 ⋅ Github (microsoft) ⋅ Microsoft
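% Corporate author is double-braced so it is kept as one name; the title braces protect only proper nouns and acronyms.
@online{microsoft:20210520:microsoft:41112d3,
  author       = {{Microsoft}},
  title        = {{Microsoft} 365 {Defender} Hunting Queries for hunting multiple threat actors' {TTPs} and malwares},
  date         = {2021-05-20},
  organization = {Github (microsoft)},
  url          = {https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries},
  language     = {English},
  urldate      = {2021-05-25},
}
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares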
STRRAT, OceanLotus, BabyShark, Elise, Revenge RAT, WastedLocker, Zebrocy
2021-05-14 ⋅ Morphisec ⋅ Arnold Osipov
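% Author stored in "Last, First" form; the title braces protect only acronyms.
@online{osipov:20210514:ahk:2da8d24,
  author       = {Osipov, Arnold},
  title        = {{AHK} {RAT} Loader Used in Unique Delivery Campaigns},
  date         = {2021-05-14},
  organization = {Morphisec},
  url          = {https://blog.morphisec.com/ahk-rat-loader-leveraged-in-unique-delivery-campaigns},
  language     = {English},
  urldate      = {2021-05-17},
}
AHK RAT Loader Used in Unique Delivery Campaigns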
AsyncRAT, Houdini, Revenge RAT
2021-05-07 ⋅ Morphisec ⋅ Nadav Lorber
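% Author stored in "Last, First" form; the title braces protect only the crypter name and the acronym.
% The curly quotes in the title are UTF-8 and need a Unicode-aware backend such as Biber.
@online{lorber:20210507:revealing:add3b8a,
  author       = {Lorber, Nadav},
  title        = {Revealing the ‘{Snip3}’ Crypter, a Highly Evasive {RAT} Loader},
  date         = {2021-05-07},
  organization = {Morphisec},
  url          = {https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader},
  language     = {English},
  urldate      = {2021-05-13},
}
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader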
Agent Tesla, AsyncRAT, NetWire RC, Revenge RAT
2021-04-21 ⋅ Talos ⋅ Vanja Svajcer
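% Author stored in "Last, First" form; the title braces protect only proper nouns.
@online{svajcer:20210421:year:4741c8e,
  author       = {Svajcer, Vanja},
  title        = {A year of {Fajan} evolution and {Bloomberg} themed campaigns},
  date         = {2021-04-21},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/2021/04/a-year-of-fajan-evolution-and-bloomberg.html},
  language     = {English},
  urldate      = {2021-04-28},
}
A year of Fajan evolution and Bloomberg themed campaigns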
MASS Logger, Nanocore RAT, NetWire RC, Revenge RAT, XpertRAT
2021-03-12 ⋅ Reversing Labs ⋅ Robert Simmons
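% Author stored in "Last, First" form; the title braces protect only the mixed-case product name.
@online{simmons:20210312:dotnet:0d3ffca,
  author       = {Simmons, Robert},
  title        = {{DotNET} Loaders},
  date         = {2021-03-12},
  organization = {Reversing Labs},
  url          = {https://blog.reversinglabs.com/blog/dotnet-loaders},
  language     = {English},
  urldate      = {2021-03-16},
}
DotNET Loaders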
Revenge RAT
2020-12-29 ⋅ Uptycs ⋅ Abhijit Mohanta
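% Author stored in "Last, First" form; the title braces protect only the malware name and the place name.
@online{mohanta:20201229:revenge:7c79587,
  author       = {Mohanta, Abhijit},
  title        = {{Revenge RAT} targeting users in {South America}},
  date         = {2020-12-29},
  organization = {Uptycs},
  url          = {https://www.uptycs.com/blog/revenge-rat-targeting-users-in-south-america},
  language     = {English},
  urldate      = {2021-01-25},
}
Revenge RAT targeting users in South America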
Revenge RAT
2020-10-26 ⋅ 360 Core Security ⋅ 360
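% Corporate author is double-braced so it is kept as one name; the title braces protect only the group identifier.
% The title is UTF-8 (Chinese) and needs a Unicode-aware backend such as Biber.
@online{360:20201026:aptc44:a336bf6,
  author       = {{360}},
  title        = {北非狐({APT-C-44})攻击活动揭露},
  date         = {2020-10-26},
  organization = {360 Core Security},
  url          = {https://blogs.360.cn/post/APT-C-44.html},
  language     = {Chinese},
  urldate      = {2020-11-09},
}
北非狐(APT-C-44)攻击活动揭露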
Xtreme RAT, Houdini, NjRAT, Revenge RAT
2020-01-31 ⋅ ReversingLabs ⋅ Robert Simmons
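% Author stored in "Last, First" form; the title braces protect only the acronym.
% The field is brace-delimited, so the straight double quotes inside the title are safe.
@online{simmons:20200131:rats:d8a4021,
  author       = {Simmons, Robert},
  title        = {{RATs} in the Library: Remote Access Trojans Hide in Plain "Public" Site},
  date         = {2020-01-31},
  organization = {ReversingLabs},
  url          = {https://blog.reversinglabs.com/blog/rats-in-the-library},
  language     = {English},
  urldate      = {2020-02-03},
}
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site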
CyberGate, LimeRAT, NjRAT, Quasar RAT, Revenge RAT
2020-01-19 ⋅ 360 ⋅ kate
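% Single-token author handle kept as given; the title braces protect only the campaign name.
@online{kate:20200119:bayworld:2cc2212,
  author       = {kate},
  title        = {{BayWorld} event, Cyber Attack Against Foreign Trade Industry},
  date         = {2020-01-19},
  organization = {360},
  url          = {https://blog.360totalsecurity.com/en/bayworld-event-cyber-attack-against-foreign-trade-industry/},
  language     = {English},
  urldate      = {2020-02-03},
}
BayWorld event, Cyber Attack Against Foreign Trade Industry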
Azorult, Formbook, Nanocore RAT, Revenge RAT
2019-11-28 ⋅ Kaspersky Labs ⋅ GReAT
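% Team author is double-braced so it is kept as one name with its casing; the title braces protect only the campaign name.
@online{great:20191128:revengehotels:4fd8ea9,
  author       = {{GReAT}},
  title        = {{RevengeHotels}: cybercrime targeting hotel front desks worldwide},
  date         = {2019-11-28},
  organization = {Kaspersky Labs},
  url          = {https://securelist.com/revengehotels/95229/},
  language     = {English},
  urldate      = {2020-01-09},
}
RevengeHotels: cybercrime targeting hotel front desks worldwide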
Revenge RAT
2019-11-11 ⋅ Binary Defense ⋅ Binary Defense
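% Corporate author is double-braced; unbraced, "Binary Defense" is parsed as first name "Binary", last name "Defense".
% The citation key is left unchanged so existing citations still resolve.
@online{defense:20191111:revenge:114921b,
  author       = {{Binary Defense}},
  title        = {Revenge Is A Dish Best Served… Obfuscated?},
  date         = {2019-11-11},
  organization = {Binary Defense},
  url          = {https://www.binarydefense.com/revenge-is-a-dish-best-served-obfuscated},
  language     = {English},
  urldate      = {2020-01-09},
}
Revenge Is A Dish Best Served… Obfuscated?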
Houdini, Revenge RAT
2019-09-19 ⋅ NSHC ⋅ ThreatRecon Team
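% Team author is double-braced; unbraced, "ThreatRecon Team" is parsed as first name "ThreatRecon", last name "Team".
% The title braces protect only actor, service and malware names; the citation key is left unchanged.
@online{team:20190919:hagga:066e932,
  author       = {{ThreatRecon Team}},
  title        = {{Hagga} of {SectorH01} continues abusing {Bitly}, {Blogger} and {Pastebin} to deliver {RevengeRAT} and {NanoCore}},
  date         = {2019-09-19},
  organization = {NSHC},
  url          = {https://threatrecon.nshc.net/2019/09/19/sectorh01-continues-abusing-web-services/},
  language     = {English},
  urldate      = {2020-01-08},
}
Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore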
Nanocore RAT, Revenge RAT
2019-06-08 ⋅ Yoroi ⋅ Luigi Martire, Davide Testa, Luca Mella, ZLAB-Yoroi
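% Personal authors stored in "Last, First" form; the team author is double-braced so it is kept as one name.
% The title braces protect only actor and campaign names.
@online{martire:20190608:evolution:c9d130c,
  author       = {Martire, Luigi and Testa, Davide and Mella, Luca and {ZLAB-Yoroi}},
  title        = {The Evolution of {Aggah}: From {Roma225} to the {RG} Campaign},
  date         = {2019-06-08},
  organization = {Yoroi},
  url          = {https://yoroi.company/research/the-evolution-of-aggah-from-roma225-to-the-rg-campaign/},
  language     = {English},
  urldate      = {2021-06-16},
}
The Evolution of Aggah: From Roma225 to the RG Campaign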
Revenge RAT
2018-08-02 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone, David Fuertes, Josh Grunzweig, Kyle Wilhoit
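% Authors stored in "Last, First" form; the title braces protect only the actor name.
@online{falcone:20180802:gorgon:06112b1,
  author       = {Falcone, Robert and Fuertes, David and Grunzweig, Josh and Wilhoit, Kyle},
  title        = {The {Gorgon Group}: Slithering Between Nation State and Cybercrime},
  date         = {2018-08-02},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/},
  language     = {English},
  urldate      = {2019-12-20},
}
The Gorgon Group: Slithering Between Nation State and Cybercrime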
Loki Password Stealer (PWS), Nanocore RAT, NjRAT, Quasar RAT, Remcos, Revenge RAT
2017-07-08 ⋅ InfoSec Handlers Diary Blog ⋅ Xavier Mertens
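% Author stored in "Last, First" form; the title braces protect only the language and encoding names.
@online{mertens:20170708:vbscript:e2baa5d,
  author       = {Mertens, Xavier},
  title        = {A {VBScript} with Obfuscated {Base64} Data},
  date         = {2017-07-08},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/22590},
  language     = {English},
  urldate      = {2020-01-13},
}
A VBScript with Obfuscated Base64 Data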
Revenge RAT

There is no Yara-Signature yet.