StallionRAT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.stallion_rat (Back to overview)

StallionRAT

Actor(s): YoroTrooper

According to BI.ZONE, StallionRAT allows attackers to execute arbitrary commands, load additional files, and exfiltrate collected data. The malware uses a Telegram bot as their C2 server.

References

2025-10-02 ⋅ Medium BI.ZONE ⋅ BI.ZONE
Cavalry Werewolf raids Russia’s public sector with trusted relationship attacks
FoalShell StallionRAT YoroTrooper

There is no Yara-Signature yet.

StallionRAT Propose Change

References

StallionRAT