RAT - Cybersec Sentinel

RAT

A collection of 19 posts

ScarCruft and RokRAT Pose High Threat to Government and Academia

ScarCruft and RokRAT Pose High Threat to Government and Academia

Threat Group: ScarCruft / APT37 / Reaper / Red Eyes Threat Type: Advanced Persistent Threat (APT), Remote‑Access Trojan (RAT), Espionage and Ransomware Exploited Vulnerabilities: CVE‑2017‑8291 (Encapsulated PostScript vulnerability in Hangul Word Processor), CVE‑2024‑38178 (Internet Explorer mode of Microsoft Edge), vulnerabilities in Hancom Office; exploitation of Windows LNK files,

Skype Delivered SCR and PIF Files Deploy GodRAT Malware in Financial Campaigns

Skype Delivered SCR and PIF Files Deploy GodRAT Malware in Financial Campaigns

Threat Group: Winnti (APT41) – suspected attribution based on code lineage and targeting Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering via Skype delivering malicious .SCR and .PIF files containing steganographic shellcode in JPEGs and DLL sideloading Malware Used: GodRAT – evolution of Gh0st RAT and AwesomePuppet, featuring plugin-based architecture

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

$Threat Group: Gamaredon (a.k.a. Primitive Bear, UAC‑0010/UAC‑0184, Hive0156) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: LNK shortcut execution, mshta abuse, PowerShell scripting, DLL sideloading Malware Used: Remcos RAT v6.0.0 Pro Threat Score: 🔴 High (7.5/10) – Due to fileless in-memory execution, sophisticated

Skitnet Malware C2 via DNS and Rust Loader Threatens Enterprise Networks

Skitnet Malware C2 via DNS and Rust Loader Threatens Enterprise Networks

Threat Group: - LARVA-306 Threat Type: - Post-Exploitation Malware / Remote Access Trojan (RAT) Exploited Vulnerabilities: - Not tied to specific CVEs; deployed post-compromise Malware Used: - Skitnet (Bossnet) Threat Score: - 🔴 High (8.3/10) – Due to its DNS C2, Rust/Nim modular design, stealthy persistence, and ransomware group integration

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Threat Group – Individuals using the aliases ABOLHB and Rino, operating as the Mason Team / FreeMasonry group and distributing the malware through a freemium Malware‑as‑a‑Service model. Threat Type – Remote Access Trojan with credential theft, ransomware, destructive wipe, and clipboard hijacking plug‑ins. Exploited Vulnerabilities – Social‑engineering of users

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

PJobRAT Returns: New Campaign Distributes Malware via Counterfeit IM Apps

Threat Group: Unattributed (Historically linked to SideCopy) Threat Type: Remote Access Trojan (Android RAT) Exploited Vulnerabilities: Social Engineering, Compromised WordPress Sites Malware Used: PJobRAT (latest variant with shell command execution) Threat Score: 🔴 High (8.3/10) – Due to persistence, enhanced capabilities, and deception-based delivery Last Threat Observation: October 2024 (per

Emerging Malware StilachiRAT Targets Digital Assets

Emerging Malware StilachiRAT Targets Digital Assets

Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Unknown Malware Used: StilachiRAT Threat Score: 🔴 High (8.4/10) – Due to its comprehensive data theft capabilities, advanced evasion techniques, and specific targeting of cryptocurrency assets. Last Threat Observation: March 20, 2025 Overview StilachiRAT is a newly discovered Remote Access Trojan (RAT)

Desert Dexter Campaign Exploits AsyncRAT for Cyberattacks

Desert Dexter Campaign Exploits AsyncRAT for Cyberattacks

Threat Group: Desert Dexter Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social Engineering, Software Vulnerabilities (WinRAR) Malware Used: AsyncRAT (Modified Version) Threat Score: High (9.0/10) – Advanced evasion techniques, broad industry targeting, offline keylogging, and sophisticated persistence. Last Threat Observation: March 8, 2025 Overview The Desert Dexter campaign,

Dark Caracal Deploying Poco RAT in Latin America

Dark Caracal Deploying Poco RAT in Latin America

Threat Group: Dark Caracal Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Social engineering via phishing emails Malware Used: Poco RAT Threat Score: High (8.5/10) – Due to its focus on critical infrastructure, advanced evasion techniques, and targeted regional attacks. Last Threat Observation: March 6, 2025 Overview Poco RAT

FatalRAT Phishing Attacks Targeting APAC Industrial Sectors

FatalRAT Phishing Attacks Targeting APAC Industrial Sectors

Threat Group: Unattributed Chinese-speaking Threat Actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: No specific software vulnerabilities exploited; relies on social engineering and phishing techniques Malware Used: FatalRAT Threat Score: High (8.5/10) – Due to its sophisticated multi-stage infection chain, targeting of critical industrial sectors, and advanced evasion