RAT 

6.4.23  Pupy RAT Pupy rat is an open source tool for cross-platform remote administration (Windows, Linux, OSX, Android are supported as “clients”) and subsequent exploitation (post-exploitation). Written mostly in Python.  MALWARE RAT
3.4.23  Action RAT Action RAT is a remote access tool written in Delphi that has been used by SideCopy since at least December 2021 against Indian and Afghani government personnel. MALWARE RAT
03.04.2026 CrystalX A laughing RAT: CrystalX combines spyware, stealer, and prankware features MALWARE RAT
31.03.2026 AtlasCross RAT Trust the Tunnel, Get the Trojan: Silver Fox Delivers AtlasCross RAT via Weaponized VPN Installers MALWARE RAT
12.03.2026 TAXISPY RAT TAXISPY RAT : Analysis of TaxiSpy RAT – Russian Banking – Focused Android Malware with Full Remote Control MALWARE RAT
04.03.2026 Encrypted RAT Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT MALWARE RAT
03.03.2026 BurrowShell  SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh MALWARE RAT
27.02.2026 KazakRAT While hunting for C2 infrastructure on Censys, we uncovered a suspected state-affiliated cluster targeting Kazakh and Afghan entities in a persistent campaign, with C2 servers active at the time of writing (20th Jan 2026) that have been operating unreported since at least August 2022.  MALWARE RAT
27.02.2026 DesckVB_RAT This repository accompanies a full technical report documenting an active malware ecosystem centered around DesckVB RAT, a modular .NET Remote Access Trojan observed in live campaigns in early 2026.  MALWARE RAT
27.02.2026 Steaelite RAT Steaelite RAT Enables Double Extortion Attacks from a Single Panel MALWARE RAT
21.02.2026 Pulsar RAT Uncovering a Recent Pulsar RAT Sample in the Wild MALWARE RAT
11.02.2026 Koalemos RAT No Fool's Errand: The Koalemos RAT Campaign MALWARE RAT
19.01.2026 ModeloRAT Dissecting CrashFix: KongTuke's New Toy MALWARE RAT
10.01.2026 RustyWater Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant MALWARE RAT
08.01.2026 NodeCordRAT Malicious NPM Packages Deliver NodeCordRAT MALWARE RAT
13.12.2025 ValleyRAT Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits MALWARE RAT
13.12.2025 SetcodeRat SetcodeRat Exposed: A Telegram Secret Stealing Trojan Customized for Chinese-speaking Regions MALWARE RAT
13.12.2025 PyStoreRAT PyStoreRAT: A New AI-Driven Supply Chain Malware Campaign Targeting IT & OSINT Professionals  MALWARE RAT
10.12.2025 EtherRAT EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks MALWARE RAT
08.12.2025 ClayRat Return of ClayRat: Expanded Features and Techniques MALWARE RAT
05.12.2025 ValleyRAT Silver Fox’s Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack  MALWARE RAT
11.11.2025 EndClient RAT New Kimsuky Malware “EndClient RAT”: First Technical Report and IOCs MALWARE RAT
04.11.2025 SleepyDuck SleepyDuck malware invades Cursor through Open VSX MALWARE RAT
01.11.2025 Minecraft RAT RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules. MALWARE RAT
30.10.2025 NetSupport RAT Unpacking NetSupport RAT Loaders Delivered via ClickFix MALWARE RAT
30.10.2025 Atroposia Atroposia is a stealthy RAT with HRDP, credential theft, DNS hijacking & fileless exfiltration — aka cybercrime made easy for low-skill attackers. MALWARE RAT
30.10.2025 PureHVNC LATAM baited into the delivery of PureHVNC MALWARE RAT
26.10.2025 WebSocket RAT PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation MALWARE RAT
25.10.2025 DeskRAT TransparentTribe targets Indian military organisations with DeskRAT MALWARE RAT
25.10.2025 PhantomCaptcha  PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation MALWARE RAT
21.10.2025 SNAPPYBEE  Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion MALWARE RAT
20.10.2025 Winos 4.0 From China to Malaysia, FortiGuard Labs traces a hacker group’s shifting campaigns and evolving malware delivery tactics across Asia  MALWARE RAT
11.10.2025 Stealit New Stealit Campaign Abuses Node.js Single Executable Application MALWARE RAT
11.10.2025 Stealit New Stealit Campaign Abuses Node.js Single Executable Application MALWARE RAT
10.10.2025 ClayRat ClayRat: A New Android Spyware Targeting Russia MALWARE RAT
03.10.2025 Datzbro Datzbro: RAT Hiding Behind Senior Travel Scams MALWARE RAT
13.09.2025 MostereRAT FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control.  MALWARE RAT
11.09.2025 AsyncRAT  AsyncRAT in Action: Fileless Malware Techniques and Analysis of a Remote Access Trojan MALWARE RAT
10.09.2025 ZynorRAT ZynorRAT technical analysis: Reverse engineering a novel, Turkish Go-based RAT MALWARE RAT
09.09.2025 MostereRAT  MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access MALWARE RAT
05.09.2025 CastleRAT From CastleLoader to CastleRAT: TAG-150 Advances Operations with Multi-Tiered Infrastructure MALWARE RAT
02.09.2025 ROKRAT Operation HanKook Phantom: North Korean APT37 targeting South Korea MALWARE RAT
24.08.2025 XenoRAT XenoRAT malware campaign hits multiple embassies in South Korea MALWARE RAT
21.08.2025 QuirkyLoader  A new malware loader delivering infostealers and RATs MALWARE RAT
19.08.2025 GodRAT GodRAT – New RAT targeting financial institutions MALWARE RAT
05.08.2025 PlayPraetor PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT MALWARE RAT
19.07.2025 DslogdRAT DslogdRAT Malware Installed in Ivanti Connect Secure MALWARE RAT
16.07.2025 KongTuke Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT).  MALWARE RAT
08.07.2025 DRAT V2 DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal MALWARE RAT
24.06.2025 UMBRELLA STAND Malware targeting Fortinet devices MALWARE RAT
24.06.2025 SHOE RACK A post-exploitation tool for remote shell access & TCP tunnelling through a victim device. MALWARE RAT
21.06.2025 PylangGhost Famous Chollima deploying Python version of GolangGhost RAT MALWARE RAT
08.06.2025 Sakura RAT A simple customer query leads to a rabbit hole of backdoored malware and game cheats MALWARE RAT
06.06.2025 DuplexSpy DuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and Surveillance MALWARE RAT
04.06.2025 Chaos RAT From open-source to open threat: Tracking Chaos RAT’s evolution MALWARE RAT
30.05.2025 XWorm Malware with wide range of capabilities ranging from RAT to ransomware.  MALWARE RAT
30.05.2025 XWorm Malware with wide range of capabilities ranging from RAT to ransomware.  MALWARE RAT
29.05.2025 PE File DOS Header The MS-DOS Header is a 64-byte structure at the beginning of a PE file. Along with the DOS stub, the DOS header is responsible for MS-DOS backward compatibility. MALWARE RAT
28.05.2025 VenomRAT Inside a VenomRAT Malware Campaign MALWARE RAT
24.05.2025 Lactrodectus  Following the spiders: Investigating Lactrodectus malware MALWARE RAT
21.05.2025 Pure Harm Pure Harm: PureRAT Attacks Russian Organizations MALWARE RAT
16.05.2025 Remcos RAT Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT MALWARE RAT
25.04.2025 DslogdRAT DslogdRAT Malware Installed in Ivanti Connect Secure MALWARE RAT
18.04.2025 MysterySnail RAT IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia MALWARE RAT
15.04.2025 ResolverRAT New Malware Variant Identified: ResolverRAT Enters the Maze MALWARE RAT
15.04.2025 CurlBack RAT Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks MALWARE RAT
28.03.2025 Python-based Discord Remote Access Trojan ANALYSIS OF A DISCORD-BASED REMOTE ACCESS TROJAN (RAT) MALWARE RAT
28.03.2025 Konni RAT Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques MALWARE RAT
18.03.2025 StilachiRAT  StilachiRAT analysis: From system reconnaissance to cryptocurrency theft MALWARE RAT
07.03.2025 EncryptRAT Unveiling EncryptHub: Analysis of a multi-stage malware campaign  MALWARE RAT
06.03.2025 Poco RAT The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT MALWARE RAT
27.02.2025 ValleyRAT  ValleyRAT Insights: Tactics, Techniques, and Detection Methods MALWARE RAT
25.02.2025 HiddenGh0st RAT Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign MALWARE RAT
10.02.2025 ValleyRAT Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques MALWARE RAT
05.02.2025 AsyncRAT AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again MALWARE RAT
10.01.2025 NonEuclid RAT The NonEuclid Remote Access Trojan (RAT) is a type of malicious software that enables unauthorised remote access and control of a victim’s computer, often without their awareness.  MALWARE RAT
02.01.2025 Quasar RAT Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts MALWARE RAT
22.12.2024 WezRat The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD).  MALWARE RAT
18.12.2024 DarkGate  Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion MALWARE RAT
17.12.2024 WmRAT  Until 2016, the foreign security manufacturer Forcepoint disclosed the existence of the Manlinghua organization for the first time [1] ,.. MALWARE RAT
17.12.2024 MiyaRAT Bitter Group Launches New Trojan Miyarat, Domestic Users Become Primary Ttargets MALWARE RAT
03.12.2024 NetSupport RAT Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT MALWARE RAT
03.12.2024 BurnsRAT Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT MALWARE RAT
26.11.2024 GHOSTSPIDER  Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries MALWARE RAT
18.11.2024 LodaRAT LodaRAT: Established Malware, New Victim Patterns MALWARE RAT
18.11.2024 Mr.Skeleton RAT Mr.Skeleton RAT - new malware based on the njRAT code MALWARE RAT
15.11.2024 WezRat Malware Spotlight:  A Deep-Dive Analysis of WezRat MALWARE RAT
08.11.2024 ElizaRAT Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT MALWARE RAT
27.10.2024 DarkVision RAT DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020,... MALWARE RAT
27.09.2024 DCRat DCRat Targets Users with HTML Smuggling MALWARE RAT
25.09.2024 RomCom RAT Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware MALWARE RAT
23.09.2024 PondRAT Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors MALWARE RAT
19.09.2024 SambaSpy Exotic SambaSpy is now dancing with Italian users MALWARE RAT
21.08.2024 MoonPeak  MoonPeak malware from North Korean actors unveils new details on attacker infrastructure MALWARE RAT
16.08.2024 SharpRhino  SharpRhino – New Hunters International RAT Identified by Quorum Cyber MALWARE RAT
16.08.2024 ValleyRAT A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers MALWARE RAT
05.08.2024 STRRAT Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware MALWARE RAT
02.08.2024 BingoMod BingoMod: The new android RAT that steals money and wipes data MALWARE RAT
02.08.2024 Linux.BackDoor.TgRat.2 A trojan for Linux with a wide range of functions and the ability to be remotely controlled via a Telegram bot. The source code is written in Go and encrypted with RSA.  MALWARE RAT
02.08.2024 TgRAT At the first stage, the dropper checks the parameters (arguments) used for its launch: this impacts the intermediate persistence stage.  MALWARE RAT
13.07.2024 DarkGate DarkGate: Dancing the Samba With Alluring Excel Files MALWARE RAT
11.07.2024 Poco RAT New Malware Campaign Targeting Spanish Language Victims MALWARE RAT
17.06.2024 COATHANGER Ministry of Defence of the Netherlands uncovers COATHANGER,a stealthy Chinese FortiGate RAT MALWARE RAT
17.06.2024 NiceRAT  Botnet Installing NiceRAT Malware MALWARE RAT
14.06.2024 Script RAT In Bad Company: JScript RAT and CobaltStrike MALWARE RAT
13.06.2024 Noodle RAT Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups MALWARE RAT
12.06.2024 ValleyRAT Technical Analysis of the Latest Variant of ValleyRAT MALWARE RAT
05.06.2024 DarkGate During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors. MALWARE RAT
03.06.2024 BitRAT  Fake Browser Updates delivering BitRAT and Lumma Stealer MALWARE RAT
29.05.2024 AllaSenha ALLASENHA: ALLAKORE VARIANT LEVERAGES AZURE CLOUD C2 TO STEAL BANKING DETAILS IN LATIN AMERICA MALWARE RAT
25.05.2024 ShadowPad BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT,  MALWARE RAT
25.05.2024 BloodAlchemy Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy MALWARE RAT
18.05.2024 SugarGh0st RAT Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts MALWARE RAT
27.04.2024 Kaolin RAT From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams MALWARE RAT
25.04.2024 Pupy RAT Analysis of Pupy RAT Used in Attacks Against Linux Systems MALWARE RAT
11.04.2024 XploitSPY RAT eXotic Visit campaign: Tracing the footprints of Virtual Invaders MALWARE RAT
08.04.2024 SecTopRAT Bing ad for NordVPN leads to SecTopRAT MALWARE RAT
05.04.2024 AGENT TESLA AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES MALWARE RAT
02.04.2024 VenomRAT VenomRAT: A remote access tool with dangerous consequences MALWARE RAT
30.03.2024 DinodasRAT DinodasRAT Linux implant targeting entities worldwide MALWARE RAT
27.03.2024 Trochilus RAT Trochilus is a C++ written RAT, which is available on GitHub. MALWARE RAT
22.03.2024 Revenge RAT Revenge RAT via malicious PPAM in Latin America, Portugal and Spain MALWARE RAT
22.03.2024 AceCryptor  Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries  MALWARE RAT
20.03.2024 NetSupportManager RAT Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago.  MALWARE RAT
20.03.2024 ROKRAT  APT37's ROKRAT HWP Object Linking and Embedding MALWARE RAT
14.03.2024 zgRAT zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. MALWARE RAT
14.03.2024 CyberGate According to Subex Secure, CyberGate is a Remote Access Trojan (RAT) that allows an attacker to gain unauthorized access to the victim’s system. MALWARE RAT
13.03.2024 STRRAT STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins. MALWARE RAT
07.03.2024 WogRAT AhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform.  MALWARE RAT
07.03.2024 SpyNote The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code  MALWARE RAT
02.03.2024 BIFROSE The Art of Domain Deception: Bifrost's New Tactic to Deceive Users MALWARE RAT
28.02.2024 Nood RAT Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant) MALWARE RAT
27.02.2024 Remcos RAT We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.  MALWARE RAT
27.02.2024 DCRat We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.  MALWARE RAT
22.02.2024 KONNI To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer MALWARE RAT
12.02.2024 Warzone RAT The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.  MALWARE RAT
07.02.2024 COATHANGER Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to.. MALWARE RAT
05.02.2024 VajraSpy ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group  MALWARE RAT
29.01.2024 AllaKore RAT AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. MALWARE RAT
29.01.2024 RokRAT It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents.  MALWARE RAT
17.01.2024 Remcos RAT Remcos RAT Being Distributed via Webhards MALWARE RAT
09.01.2024 Silver RAT A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT’S SYRIAN ROOTS MALWARE RAT
09.01.2024 Silver RAT A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT’S SYRIAN ROOTS MALWARE RAT
05.01.2024 Bandook RAT Bandook - A Persistent Threat That Keeps Evolving MALWARE RAT
05.01.2024 Remcos RAT Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion MALWARE RAT
05.01.2024 Bandook RAT Bandook - A Persistent Threat That Keeps Evolving MALWARE RAT
05.01.2024 Remcos RAT Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion MALWARE RAT
29.12.2023 SectopRAT SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. Arechclient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities.  MALWARE RAT
29.12.2023 FlawedGrace According to ProofPoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT). It seems to have been developed in the second half of 2017 mainly.  MALWARE RAT
24.12.2023 BazarNimrod A rewrite of Bazarloader in the Nim programming language.  MALWARE RAT
14.12.2023 DarkCrystalRAT DCRat is a typical RAT that has been around since at least June 2019.  MALWARE RAT
07.12.2023 Krasue  Curse of the Krasue: New Linux Remote Access Trojan targets Thailand MALWARE RAT
01.12.2023 SugarGh0st RAT New SugarGh0st RAT targets Uzbekistan government and South Korea MALWARE RAT
01.12.2023 Ghost RAT According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.  MALWARE RAT
28.11.2023 Tiger RAT This is third stage backdoor mentioned in the Kaspersky blog, "Andariel evolves to target South Korea with ransomware". The third stage payload was created via the second stage payload, is interactively executed in the operation and exists in both x64 and x86 versions. MALWARE RAT
25.11.2023 Konni Konni is a remote administration tool, observed in the wild since early 2014. MALWARE RAT
20.11.2023 Sayler RAT New Java-Based Sayler RAT Targets Polish Speaking Users MALWARE RAT
17.11.2023 AveMaria  Information stealer which uses AutoIT for wrapping.  MALWARE RAT
16.11.2023 SparkRAT BlueShell malware used in APT attacks targeting Korea and Thailand MALWARE RAT
09.11.2023 Action RAT Double Action, Triple Infection, and a New RAT: SideCopy’s Persistent Targeting of Indian Defence MALWARE RAT
09.11.2023 AllaKore AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. It implements the RFB protocol which uses frame buffers and thus is able to send back only the changes of screen frames to the controller, speeding up the transport and visualization control.  MALWARE RAT
06.11.2023 Google Calendar RAT The Rising Threat of Covert Cyber Attacks through Google Calendar MALWARE RAT
27.10.2023 Python-based RAT Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection MALWARE RAT
27.10.2023 Powershell-RAT In this course, you will learn exfiltration over alternative protocol: exfiltration over unencrypted/obfuscated non-C2 protocol using Powershell RAT.  MALWARE RAT
20.10.2023 RokRAT It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents.  MALWARE RAT
19.10.2023 Venom RAT VenomRAT - new, hackforums grade, reincarnation of QuassarRAT MALWARE RAT
16.10.2023 Hook According to ThreatFabric, this is a malware family based on apk.ermac. The name hook is the self-advertised named by its vendor DukeEugene. MALWARE RAT
14.10.2023 ROMCOM RAT Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed.  MALWARE RAT
13.10.2023 SeroXen RAT Phylum Discovers SeroXen RAT in Typosquatted NuGet Package MALWARE RAT
08.10.2023 HyperBro HyperBro is a RAT that has been observed to target primarily within the gambling industries, though it has been spotted in other places as well.  MALWARE RAT
05.10.2023 DinodasRAT  DinodasRAT uses TEA to decrypt some of its strings, as well as to encrypt/decrypt data sent to, or received from, its C&C server. MALWARE RAT
05.10.2023 SeroXen SeroXen is a fileless Remote Access Trojan (RAT) that excels in evading detection through both static and dynamic analysis methods MALWARE RAT
30.09.2023 ZenRAT Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden.  MALWARE RAT
30.09.2023 Gh0stCringe Gh0stCringe RAT Being Distributed to Vulnerable Database Servers MALWARE RAT
30.09.2023 China Chopper China Chopper is a Web Shell hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back to a remote command and control server. It has been used by several threat groups. MALWARE RAT
22.09.2023 Venom RAT Attack Activities by Quasar Family MALWARE RAT
20.09.2023 ValleyRAT In March 2023, Proofpoint identified a new malware we dubbed ValleyRAT. MALWARE RAT
19.09.2023 XWorm  Malware with wide range of capabilities ranging from RAT to ransomware.  MALWARE RAT
19.09.2023 CapraRAT According to PCrisk, CapraRAT is the name of an Android remote access trojan (RAT), possibly a modified version of another (open-source) RAT called AndroRAT. MALWARE RAT
06.09.2023 BlackRAT Analysis of Andariel’s New Attack Activities MALWARE RAT
06.09.2023 GoatRAT GoatRAT Attacks Automated Payment Systems MALWARE RAT
02.09.2023 NOVEL RAT ANALYSIS OF NOVEL RAT DISCOVERED DUBBED “SUPERBEAR”. THE RAT HAS BEEN FOUND TARGETING JOURNALIST AND DEPLOYED USING OPEN-SOURCE AUTOIT SCRIPTS. MALWARE RAT
25.08.2023 CollectionRAT Lazarus Group's infrastructure reuse leads to discovery of new malware MALWARE RAT
25.08.2023 QuiteRAT QuiteRAT is a simple remote access trojan written with the help of Qt libraries.  MALWARE RAT
23.08.2023 CraxsRAT ‘Malware-as-a-service’ has been around for some time, however of late, it has become increasingly convenient for cybercriminals to kickstart their activities without having to learn malware development itself. MALWARE RAT
23.08.2023 CypherRat The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code  MALWARE RAT
22.08.2023 PlugX RSA describes PlugX as a RAT (Remote Access Trojan) malware family that is around since 2008 and is used as a backdoor to control the victim's machine fully. MALWARE RAT
21.08.2023 HiatusRAT In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. MALWARE RAT
19.08.2023 Gigabud RAT Gigabud is the name of an Android Remote Access Trojan (RAT) Android that can record the victim's screen and steal banking credentials by abusing the Accessibility Service. MALWARE RAT
14.08.2023 QwixxRAT A new threat has emerged in the realm of cybersecurity, referred to as QwixxRAT. Both businesses and individual users are at risk, as this Trojan silently infiltrates devices, casting a wide net of data extraction.  MALWARE RAT
14.08.2023 JanelaRAT  According to Zscaler, JanelaRAT is a heavily modified variant of BX RAT. MALWARE RAT
12.08.2023 XWorm Malware with wide range of capabilities ranging from RAT to ransomware.  MALWARE RAT
08.08.2023 OpenBullet  Multiple malicious OpenBullet configuration files are being shared within these communities, resulting in the installation of a Remote Access Trojan (RAT) on the user’s machine. MALWARE RAT
03.08.2023 Phorpiex Proofpoint describes Phorpiex/Trik as a SDBot fork (thus IRC-based) that has been used to distribute GandCrab, Pushdo, Pony, and coinminers. MALWARE RAT
03.08.2023 Ekipa RAT Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT MALWARE RAT
31.07.2023 AVrecon AVrecon is a Linux-based Remote Access Trojan (RAT) targeting small-office/home-office (SOHO) routers and other ARM-embedded devices. MALWARE RAT
26.07.2023 Pupy RAT Pupy is the name of an open-source Remote Administration Trojan (RAT) written in Python. MALWARE RAT
22.07.2023 DarkComet DarkComet is one of the most famous RATs, developed by Jean-Pierre Lesueur in 2008. MALWARE RAT
22.07.2023 HotRat HotRat: The Risks of Illegal Software Downloads and Hidden AutoHotkey Script Within MALWARE RAT
18.07.2023 Deed RAT Deed RAT, a piece of remote access trojan malware, has seen a resurgence in use over the recent weeks.  MALWARE RAT
14.07.2023 Colour-Blind Kroll has identified a fully featured information stealer and remote access tool (RAT) in the Python Package Index (PyPI) that it is calling “Colour-Blind”. MALWARE RAT
11.07.2023 Pandora RAT Github Repository with source code for Pandora hVNC MALWARE RAT
10.07.2023 RomCom RAT Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed.  MALWARE RAT
07.07.2023 FlawedGrace  According to ProofPoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT) MALWARE RAT
07.07.2023 ROMCOM RAT Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed.  MALWARE RAT
07.07.2023 Venom RAT VenomRAT - new, hackforums grade, reincarnation of QuassarRAT MALWARE RAT
30.06.2023 YamaBot Lazarus and the tale of three RATs MALWARE RAT
30.06.2023 MagicRAT Emulating the Highly Sophisticated North Korean Adversary Lazarus Group MALWARE RAT
30.06.2023 Dtrack Dtrack is a Remote Administration Tool (RAT) developed by the Lazarus group. MALWARE RAT
30.06.2023 EarlyRat Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022 MALWARE RAT
30.06.2023 SeroXen This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. MALWARE RAT
22.06.2023 Snip3 Zscaler ThreatLabz researchers observed multiple threat campaigns utilizing the Snip3 crypter, a multi-stage remote access trojan (RAT). MALWARE RAT
13.06.2023 VenomRAT The first messages about VenomRAT started to appear in June 2020. MALWARE RAT
13.06.2023 DCRat DCRat is a typical RAT that has been around since at least June 2019.  MALWARE RAT
31.05.2023 RomCom RAT Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. MALWARE RAT
19.05.2023 TurkoRat ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected.  MALWARE RAT
18.05.2023 SpyNote Android Spyware is one of the most common kinds of malware used by attackers to gain access to personal data and carry out fraud operations. MALWARE RAT
12.05.2023 AllaKore AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. MALWARE RAT
12.05.2023 Action RAT Action RAT is a remote access tool written in Delphi that has been used by SideCopy since at least December 2021 against Indian and Afghani government personnel. MALWARE RAT
06.05.2023 goatRat goatRat is the name of a remote access trojan (RAT) - a malicious app that allows attackers to take control of an Android device. MALWARE RAT
05.05.2023 Gravity RAT GravityRAT malware takes your system's temperature MALWARE RAT
05.05.2023 RokRAT  It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. MALWARE RAT
28.04.2023 Bisonal Targets of Interest - Russian Organizations Increasingly Under Attack By Chinese APTs MALWARE RAT
28.04.2023 LimeRAT Simple yet powerful RAT for Windows machines. This project is simple and easy to understand, It should give you a general knowledge about dotNET malwares and how it behaves. MALWARE RAT
26.04.2023 JLORAT   MALWARE RAT
26.04.2023 Ave Maria Information stealer which uses AutoIT for wrapping. MALWARE RAT
20.04.2023 RomCom RAT  Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed.  MALWARE RAT
14.04.2023 CapraRAT Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials MALWARE RAT
14.04.2023 BLINDINGCAN According to SentinelOne, this RAT can gather and transmit a defined set of system features, create/terminate/manipulate processes and files, and has self-updating and deletion capability.  MALWARE RAT
08.04.2023 Ekipa RAT Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT MALWARE RAT
08.04.2023 ViperRat  ViperRAT is an active, advanced persistent threat (APT) that sophisticated threat actors are actively using to target and spy on the Israeli Defense Force. MALWARE RAT
23.03.2023 DOTRUNPEX  DEMYSTIFYING NEW VIRTUALIZED .NET INJECTOR USED IN THE WILD MALWARE RAT
10.03.2023 NetWire Netwire is a RAT, its functionality seems focused on password stealing and keylogging, but includes remote control capabilities as well.  MALWARE RAT
10.03.2023 Xenomorph Xenomorph is a Android Banking RAT developed by the Hadoken.Security actor.  MALWARE RAT
07.03.2023 CrimsonRat CrimsonRAT is a remote access Trojan used to take remote control of infected systems and steal data. We know this particular RAT is used by the Transparent Tribe APT group. MALWARE RAT
07.03.2023 CapraRAT Most likely active since July 2022, the campaign has distributed CapraRAT backdoors through at least two similar websites, while representing them as untainted versions of those secure messaging apps. MALWARE RAT
06.03.2023 ZuoRAT According to Black Lotus Labs, ZuoRAT is a MIPS file compiled for SOHO routers that can enumerate a host and internal LAN, capture packets being transmitted over the infected device and perform person-in-the-middle attacks (DNS and HTTPS hijacking based on predefined rules).  MALWARE RAT
06.03.2023 HiatusRAT Just nine months after discovering ZuoRAT – a novel malware targeting small office/home office (SOHO) routers – Lumen Black Lotus Labs® MALWARE RAT
02.03.2023 HyperBro HyperBro is a RAT that has been observed to target primarily within the gambling industries, though it has been spotted in other places as well. MALWARE RAT
28.02.2023 BitRAT According to Bitdefender, BitRAT is a notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums. Its price tag of $20 for lifetime access makes it irresistible to cybercriminals and helps the malicious payload spread.  MALWARE RAT
27.02.2023 PlugX  RSA describes PlugX as a RAT (Remote Access Trojan) malware family that is around since 2008 and is used as a backdoor to control the victim's machine fully. Once the device is infected, an attacker can remotely execute several kinds of commands on the affected system.  MALWARE RAT
23.02.2023 Lilith RAT New Ransomware Groups On The Rise: “RedAlert,” LILITH And 0mega Leading A Wave Of Ransomware Campaigns MALWARE RAT
21.02.2023 ReverseRAT APT SideCopy Targeting Indian Government Entities - Analysis of the new version of ReverseRAT MALWARE RAT
18.02.2023 OxtaRAT  Operation Silent Watch: Desktop Surveillance in Azerbaijan and Armenia MALWARE RAT
18.02.2023 FatalRat 'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks MALWARE RAT
15.02.2023 M2RAT The RedEyes group is known to steal personal PC information as well as mobile phone data targeting specific individuals, not companies. The main characteristics of this RedEyes group attack case are the use of the Hangul EPS vulnerability and the spread of malicious code using the steganography technique.  MALWARE RAT
11.02.2023 Ghost RAT According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth.  MALWARE RAT
11.02.2023 CloudEyE CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.  MALWARE RAT
08.02.2023 Remcos Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers. MALWARE RAT
28.01.2023 Orcus RAT Orcus has been advertised as a Remote Administration Tool (RAT) since early 2016. It has all the features that would be expected from a RAT and probably more.  MALWARE RAT
28.01.2023 SparkRAT Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation MALWARE RAT
28.01.2023 CageyChameleon CageyChameleon Malware is a VBS-based backdoor which has the capability to enumerate the list of running processes and check for the presence of several antivirus products. CageyChameleon will collect user host information, system current process information, etc. The collected information is sent back to the C2 server, and continue to initiate requests to perform subsequent operations.  MALWARE RAT
27.01.2023 StrifeWater StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations MALWARE RAT
27.01.2023 PY#RATION According to Securonix, this malware exhibits remote access trojan (RAT) behavior, allowing for control of and persistence on the affected host. MALWARE RAT
20.01.2023 NjRAT We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa.  MALWARE RAT
14.01.2023 STRRAT Let’s take a look at a recent sample of the Java-based malware known as STRRAT. MALWARE RAT
09.01.2023 BitRAT A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. MALWARE RAT
28.06.2022 ZuoRAT  A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks.  MALWARE RAT
25.06.2022 StrifeWater RAT Following recently published research detailing the group’s TTPs including their main tools “PyDcrypt” and “DCSrv”, the Cybereason Nocturnus team discovered a previously unidentified Remote Access Trojan (RAT) in the Moses Staff arsenal dubbed StrifeWater. MALWARE RAT
14.06.2022 Warzone RAT Warzone aims to be the Remote Access Trojan (RAT) of choice for aspiring miscreants on a budget. It is sold on a publicly available website as opposed to on the dark web, as a Malware-as-a-Service (MaaS) subscription-based platform. MALWARE RAT
14.06.2022 Arkei Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA MALWARE RAT
14.06.2022 PureCrypter  PureCrypter has been growing in popularity with a number of information stealers and remote access trojans (RATs) being deployed by it. ThreatLabz has observed PureCrypter being used to distribute the following malware families:  MALWARE RAT
12.05.2022 Bitter APT   MALWARE RAT
12.05.2022 Nerbian RAT The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries. It is written in operating system (OS) agnostic Go programming language, compiled for 64-bit systems, and leverages several encryption routines to further evade network analysis.  MALWARE RAT
10.05.2022 DarkCrystal RAT DCRat (also known as DarkCrystal RAT) is a commercial Russian backdoor that was first released in 2018, before being redesigned and relaunched a year later. Notably, this threat appears to have been developed and maintained by a single person going by the pseudonyms of “boldenis44,” “crystalcoder,” and Кодер (“Coder”). MALWARE RAT
08.05.2022 NanoCore Nanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It as been used for a while by numerous criminal actors as well as by nation state threat actors. MALWARE RAT
08.05.2022 Remcos Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. MALWARE RAT
02.04.2022 Gh0st RAT    MALWARE RAT
02.04.2022 ObliqueRAT   MALWARE RAT
02.04.2022 CapraRAT   MALWARE RAT
28.03.2022 FatalRat   MALWARE RAT