Revenge RAT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.revenge_rat (Back to overview)

Revenge RAT

aka: Revetrat

Actor(s): The Gorgon Group

URLhaus

According to Cofense, Revenge RAT is a simple and freely available Remote Access Trojan that automatically gathers system information before allowing threat actors to remotely access system components such as webcams, microphones, and various other utilities.

References

2024-12-18 ⋅ Kaspersky Labs ⋅ Kaspersky
Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations
Babuk LockBit Revenge RAT SparkRAT Ukrainian Cyber Alliance

2023-10-05 ⋅ Twitter (@embee_research) ⋅ Embee_research
Introduction to DotNet Configuration Extraction - RevengeRAT
Revenge RAT

2022-08-18 ⋅ Proofpoint ⋅ Joe Wise, Proofpoint Threat Research Team, Selena Larson
Reservations Requested: TA558 Targets Hospitality and Travel
AsyncRAT Loda NjRAT Ozone RAT Revenge RAT Vjw0rm

2022-04-07 ⋅ Perception Point ⋅ Igal Lytzki
Revenge RAT Malware is back: From Microsoft Excel macros to Remote Access Trojan
Revenge RAT

2022-02-08 ⋅ Itay Migdal
RevengeRAT Analysis
Revenge RAT

2021-05-20 ⋅ Github (microsoft) ⋅ Microsoft
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy

2021-05-14 ⋅ Morphisec ⋅ Arnold Osipov
AHK RAT Loader Used in Unique Delivery Campaigns
AsyncRAT Houdini Revenge RAT

2021-05-07 ⋅ Morphisec ⋅ Nadav Lorber
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader
Agent Tesla AsyncRAT NetWire RC Revenge RAT

2021-04-21 ⋅ Talos ⋅ Vanja Svajcer
A year of Fajan evolution and Bloomberg themed campaigns
MASS Logger Nanocore RAT NetWire RC Revenge RAT XpertRAT

2021-03-12 ⋅ Reversing Labs ⋅ Robert Simmons
DotNET Loaders
Revenge RAT

2020-12-29 ⋅ Uptycs ⋅ Abhijit Mohanta
Revenge RAT targeting users in South America
Revenge RAT

2020-10-26 ⋅ ⋅ 360 Core Security ⋅ 360
北非狐（APT-C-44）攻击活动揭露
Xtreme RAT Houdini NjRAT Revenge RAT

2020-01-31 ⋅ ReversingLabs ⋅ Robert Simmons
RATs in the Library: Remote Access Trojans Hide in Plain "Public" Site
CyberGate LimeRAT NjRAT Quasar RAT Revenge RAT

2020-01-19 ⋅ 360 ⋅ kate
BayWorld event, Cyber Attack Against Foreign Trade Industry
Azorult Formbook Nanocore RAT Revenge RAT

2019-11-28 ⋅ Kaspersky Labs ⋅ GReAT
RevengeHotels: cybercrime targeting hotel front desks worldwide
Revenge RAT ProCC RevengeHotels

2019-11-11 ⋅ Binary Defense ⋅ Binary Defense
Revenge Is A Dish Best Served… Obfuscated?
Houdini Revenge RAT

2019-09-19 ⋅ NSHC ⋅ ThreatRecon Team
Hagga of SectorH01 continues abusing Bitly, Blogger and Pastebin to deliver RevengeRAT and NanoCore
Nanocore RAT Revenge RAT

2019-06-08 ⋅ Yoroi ⋅ Davide Testa, Luca Mella, Luigi Martire, ZLAB-Yoroi
The Evolution of Aggah: From Roma225 to the RG Campaign
Revenge RAT

2018-08-02 ⋅ Palo Alto Networks Unit 42 ⋅ David Fuertes, Josh Grunzweig, Kyle Wilhoit, Robert Falcone
The Gorgon Group: Slithering Between Nation State and Cybercrime
Loki Password Stealer (PWS) Nanocore RAT NjRAT Quasar RAT Remcos Revenge RAT

2017-07-08 ⋅ InfoSec Handlers Diary Blog ⋅ Xavier Mertens
A VBScript with Obfuscated Base64 Data
Revenge RAT

There is no Yara-Signature yet.

Revenge RAT Propose Change

References

Revenge RAT