RAT
| 6.4.23 | Pupy RAT | Pupy rat is an open source tool for cross-platform remote administration (Windows, Linux, OSX, Android are supported as “clients”) and subsequent exploitation (post-exploitation). Written mostly in Python. | MALWARE | RAT |
| 3.4.23 | Action RAT | Action RAT is a remote access tool written in Delphi that has been used by SideCopy since at least December 2021 against Indian and Afghani government personnel. | MALWARE | RAT |
| 03.04.2026 | CrystalX | A laughing RAT: CrystalX combines spyware, stealer, and prankware features | MALWARE | RAT |
| 31.03.2026 | AtlasCross RAT | Trust the Tunnel, Get the Trojan: Silver Fox Delivers AtlasCross RAT via Weaponized VPN Installers | MALWARE | RAT |
| 12.03.2026 | TAXISPY RAT | TAXISPY RAT : Analysis of TaxiSpy RAT – Russian Banking – Focused Android Malware with Full Remote Control | MALWARE | RAT |
| 04.03.2026 | Encrypted RAT | Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT | MALWARE | RAT |
| 03.03.2026 | BurrowShell | SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh | MALWARE | RAT |
| 27.02.2026 | KazakRAT | While hunting for C2 infrastructure on Censys, we uncovered a suspected state-affiliated cluster targeting Kazakh and Afghan entities in a persistent campaign, with C2 servers active at the time of writing (20th Jan 2026) that have been operating unreported since at least August 2022. | MALWARE | RAT |
| 27.02.2026 | DesckVB_RAT | This repository accompanies a full technical report documenting an active malware ecosystem centered around DesckVB RAT, a modular .NET Remote Access Trojan observed in live campaigns in early 2026. | MALWARE | RAT |
| 27.02.2026 | Steaelite RAT | Steaelite RAT Enables Double Extortion Attacks from a Single Panel | MALWARE | RAT |
| 21.02.2026 | Pulsar RAT | Uncovering a Recent Pulsar RAT Sample in the Wild | MALWARE | RAT |
| 11.02.2026 | Koalemos RAT | No Fool's Errand: The Koalemos RAT Campaign | MALWARE | RAT |
| 19.01.2026 | ModeloRAT | Dissecting CrashFix: KongTuke's New Toy | MALWARE | RAT |
| 10.01.2026 | RustyWater | Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant | MALWARE | RAT |
| 08.01.2026 | NodeCordRAT | Malicious NPM Packages Deliver NodeCordRAT | MALWARE | RAT |
| 13.12.2025 | ValleyRAT | Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits | MALWARE | RAT |
| 13.12.2025 | SetcodeRat | SetcodeRat Exposed: A Telegram Secret Stealing Trojan Customized for Chinese-speaking Regions | MALWARE | RAT |
| 13.12.2025 | PyStoreRAT | PyStoreRAT: A New AI-Driven Supply Chain Malware Campaign Targeting IT & OSINT Professionals | MALWARE | RAT |
| 10.12.2025 | EtherRAT | EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks | MALWARE | RAT |
| 08.12.2025 | ClayRat | Return of ClayRat: Expanded Features and Techniques | MALWARE | RAT |
| 05.12.2025 | ValleyRAT | Silver Fox’s Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack | MALWARE | RAT |
| 11.11.2025 | EndClient RAT | New Kimsuky Malware “EndClient RAT”: First Technical Report and IOCs | MALWARE | RAT |
| 04.11.2025 | SleepyDuck | SleepyDuck malware invades Cursor through Open VSX | MALWARE | RAT |
| 01.11.2025 | Minecraft RAT | RL's analysis of an STD Group-operated RAT yielded file indicators to better detect the malware and two YARA rules. | MALWARE | RAT |
| 30.10.2025 | NetSupport RAT | Unpacking NetSupport RAT Loaders Delivered via ClickFix | MALWARE | RAT |
| 30.10.2025 | Atroposia | Atroposia is a stealthy RAT with HRDP, credential theft, DNS hijacking & fileless exfiltration — aka cybercrime made easy for low-skill attackers. | MALWARE | RAT |
| 30.10.2025 | PureHVNC | LATAM baited into the delivery of PureHVNC | MALWARE | RAT |
| 26.10.2025 | WebSocket RAT | PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation | MALWARE | RAT |
| 25.10.2025 | DeskRAT | TransparentTribe targets Indian military organisations with DeskRAT | MALWARE | RAT |
| 25.10.2025 | PhantomCaptcha | PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation | MALWARE | RAT |
| 21.10.2025 | SNAPPYBEE | Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion | MALWARE | RAT |
| 20.10.2025 | Winos 4.0 | From China to Malaysia, FortiGuard Labs traces a hacker group’s shifting campaigns and evolving malware delivery tactics across Asia | MALWARE | RAT |
| 11.10.2025 | Stealit | New Stealit Campaign Abuses Node.js Single Executable Application | MALWARE | RAT |
| 11.10.2025 | Stealit | New Stealit Campaign Abuses Node.js Single Executable Application | MALWARE | RAT |
| 10.10.2025 | ClayRat | ClayRat: A New Android Spyware Targeting Russia | MALWARE | RAT |
| 03.10.2025 | Datzbro | Datzbro: RAT Hiding Behind Senior Travel Scams | MALWARE | RAT |
| 13.09.2025 | MostereRAT | FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control. | MALWARE | RAT |
| 11.09.2025 | AsyncRAT | AsyncRAT in Action: Fileless Malware Techniques and Analysis of a Remote Access Trojan | MALWARE | RAT |
| 10.09.2025 | ZynorRAT | ZynorRAT technical analysis: Reverse engineering a novel, Turkish Go-based RAT | MALWARE | RAT |
| 09.09.2025 | MostereRAT | MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access | MALWARE | RAT |
| 05.09.2025 | CastleRAT | From CastleLoader to CastleRAT: TAG-150 Advances Operations with Multi-Tiered Infrastructure | MALWARE | RAT |
| 02.09.2025 | ROKRAT | Operation HanKook Phantom: North Korean APT37 targeting South Korea | MALWARE | RAT |
| 24.08.2025 | XenoRAT | XenoRAT malware campaign hits multiple embassies in South Korea | MALWARE | RAT |
| 21.08.2025 | QuirkyLoader | A new malware loader delivering infostealers and RATs | MALWARE | RAT |
| 19.08.2025 | GodRAT | GodRAT – New RAT targeting financial institutions | MALWARE | RAT |
| 05.08.2025 | PlayPraetor | PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT | MALWARE | RAT |
| 19.07.2025 | DslogdRAT | DslogdRAT Malware Installed in Ivanti Connect Secure | MALWARE | RAT |
| 16.07.2025 | KongTuke | Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). | MALWARE | RAT |
| 08.07.2025 | DRAT V2 | DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal | MALWARE | RAT |
| 24.06.2025 | UMBRELLA STAND | Malware targeting Fortinet devices | MALWARE | RAT |
| 24.06.2025 | SHOE RACK | A post-exploitation tool for remote shell access & TCP tunnelling through a victim device. | MALWARE | RAT |
| 21.06.2025 | PylangGhost | Famous Chollima deploying Python version of GolangGhost RAT | MALWARE | RAT |
| 08.06.2025 | Sakura RAT | A simple customer query leads to a rabbit hole of backdoored malware and game cheats | MALWARE | RAT |
| 06.06.2025 | DuplexSpy | DuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and Surveillance | MALWARE | RAT |
| 04.06.2025 | Chaos RAT | From open-source to open threat: Tracking Chaos RAT’s evolution | MALWARE | RAT |
| 30.05.2025 | XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | MALWARE | RAT |
| 30.05.2025 | XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | MALWARE | RAT |
| 29.05.2025 | PE File DOS Header | The MS-DOS Header is a 64-byte structure at the beginning of a PE file. Along with the DOS stub, the DOS header is responsible for MS-DOS backward compatibility. | MALWARE | RAT |
| 28.05.2025 | VenomRAT | Inside a VenomRAT Malware Campaign | MALWARE | RAT |
| 24.05.2025 | Lactrodectus | Following the spiders: Investigating Lactrodectus malware | MALWARE | RAT |
| 21.05.2025 | Pure Harm | Pure Harm: PureRAT Attacks Russian Organizations | MALWARE | RAT |
| 16.05.2025 | Remcos RAT | Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT | MALWARE | RAT |
| 25.04.2025 | DslogdRAT | DslogdRAT Malware Installed in Ivanti Connect Secure | MALWARE | RAT |
| 18.04.2025 | MysterySnail RAT | IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia | MALWARE | RAT |
| 15.04.2025 | ResolverRAT | New Malware Variant Identified: ResolverRAT Enters the Maze | MALWARE | RAT |
| 15.04.2025 | CurlBack RAT | Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks | MALWARE | RAT |
| 28.03.2025 | Python-based Discord Remote Access Trojan | ANALYSIS OF A DISCORD-BASED REMOTE ACCESS TROJAN (RAT) | MALWARE | RAT |
| 28.03.2025 | Konni RAT | Analysis of Konni RAT: Stealth, Persistence, and Anti-Analysis Techniques | MALWARE | RAT |
| 18.03.2025 | StilachiRAT | StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | MALWARE | RAT |
| 07.03.2025 | EncryptRAT | Unveiling EncryptHub: Analysis of a multi-stage malware campaign | MALWARE | RAT |
| 06.03.2025 | Poco RAT | The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT | MALWARE | RAT |
| 27.02.2025 | ValleyRAT | ValleyRAT Insights: Tactics, Techniques, and Detection Methods | MALWARE | RAT |
| 25.02.2025 | HiddenGh0st RAT | Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign | MALWARE | RAT |
| 10.02.2025 | ValleyRAT | Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques | MALWARE | RAT |
| 05.02.2025 | AsyncRAT | AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again | MALWARE | RAT |
| 10.01.2025 | NonEuclid RAT | The NonEuclid Remote Access Trojan (RAT) is a type of malicious software that enables unauthorised remote access and control of a victim’s computer, often without their awareness. | MALWARE | RAT |
| 02.01.2025 | Quasar RAT | Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts | MALWARE | RAT |
| 22.12.2024 | WezRat | The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD). | MALWARE | RAT |
| 18.12.2024 | DarkGate | Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion | MALWARE | RAT |
| 17.12.2024 | WmRAT | Until 2016, the foreign security manufacturer Forcepoint disclosed the existence of the Manlinghua organization for the first time [1] ,.. | MALWARE | RAT |
| 17.12.2024 | MiyaRAT | Bitter Group Launches New Trojan Miyarat, Domestic Users Become Primary Ttargets | MALWARE | RAT |
| 03.12.2024 | NetSupport RAT | Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT | MALWARE | RAT |
| 03.12.2024 | BurnsRAT | Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT | MALWARE | RAT |
| 26.11.2024 | GHOSTSPIDER | Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries | MALWARE | RAT |
| 18.11.2024 | LodaRAT | LodaRAT: Established Malware, New Victim Patterns | MALWARE | RAT |
| 18.11.2024 | Mr.Skeleton RAT | Mr.Skeleton RAT - new malware based on the njRAT code | MALWARE | RAT |
| 15.11.2024 | WezRat | Malware Spotlight: A Deep-Dive Analysis of WezRat | MALWARE | RAT |
| 08.11.2024 | ElizaRAT | Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT | MALWARE | RAT |
| 27.10.2024 | DarkVision RAT | DarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020,... | MALWARE | RAT |
| 27.09.2024 | DCRat | DCRat Targets Users with HTML Smuggling | MALWARE | RAT |
| 25.09.2024 | RomCom RAT | Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware | MALWARE | RAT |
| 23.09.2024 | PondRAT | Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors | MALWARE | RAT |
| 19.09.2024 | SambaSpy | Exotic SambaSpy is now dancing with Italian users | MALWARE | RAT |
| 21.08.2024 | MoonPeak | MoonPeak malware from North Korean actors unveils new details on attacker infrastructure | MALWARE | RAT |
| 16.08.2024 | SharpRhino | SharpRhino – New Hunters International RAT Identified by Quorum Cyber | MALWARE | RAT |
| 16.08.2024 | ValleyRAT | A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers | MALWARE | RAT |
| 05.08.2024 | STRRAT | Bloody Wolf strikes organizations in Kazakhstan with STRRAT commercial malware | MALWARE | RAT |
| 02.08.2024 | BingoMod | BingoMod: The new android RAT that steals money and wipes data | MALWARE | RAT |
| 02.08.2024 | Linux.BackDoor.TgRat.2 | A trojan for Linux with a wide range of functions and the ability to be remotely controlled via a Telegram bot. The source code is written in Go and encrypted with RSA. | MALWARE | RAT |
| 02.08.2024 | TgRAT | At the first stage, the dropper checks the parameters (arguments) used for its launch: this impacts the intermediate persistence stage. | MALWARE | RAT |
| 13.07.2024 | DarkGate | DarkGate: Dancing the Samba With Alluring Excel Files | MALWARE | RAT |
| 11.07.2024 | Poco RAT | New Malware Campaign Targeting Spanish Language Victims | MALWARE | RAT |
| 17.06.2024 | COATHANGER | Ministry of Defence of the Netherlands uncovers COATHANGER,a stealthy Chinese FortiGate RAT | MALWARE | RAT |
| 17.06.2024 | NiceRAT | Botnet Installing NiceRAT Malware | MALWARE | RAT |
| 14.06.2024 | Script RAT | In Bad Company: JScript RAT and CobaltStrike | MALWARE | RAT |
| 13.06.2024 | Noodle RAT | Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups | MALWARE | RAT |
| 12.06.2024 | ValleyRAT | Technical Analysis of the Latest Variant of ValleyRAT | MALWARE | RAT |
| 05.06.2024 | DarkGate | During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors. | MALWARE | RAT |
| 03.06.2024 | BitRAT | Fake Browser Updates delivering BitRAT and Lumma Stealer | MALWARE | RAT |
| 29.05.2024 | AllaSenha | ALLASENHA: ALLAKORE VARIANT LEVERAGES AZURE CLOUD C2 TO STEAL BANKING DETAILS IN LATIN AMERICA | MALWARE | RAT |
| 25.05.2024 | ShadowPad | BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, | MALWARE | RAT |
| 25.05.2024 | BloodAlchemy | Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy | MALWARE | RAT |
| 18.05.2024 | SugarGh0st RAT | Artificial Sweetener: SugarGh0st RAT Used to Target American Artificial Intelligence Experts | MALWARE | RAT |
| 27.04.2024 | Kaolin RAT | From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams | MALWARE | RAT |
| 25.04.2024 | Pupy RAT | Analysis of Pupy RAT Used in Attacks Against Linux Systems | MALWARE | RAT |
| 11.04.2024 | XploitSPY RAT | eXotic Visit campaign: Tracing the footprints of Virtual Invaders | MALWARE | RAT |
| 08.04.2024 | SecTopRAT | Bing ad for NordVPN leads to SecTopRAT | MALWARE | RAT |
| 05.04.2024 | AGENT TESLA | AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES | MALWARE | RAT |
| 02.04.2024 | VenomRAT | VenomRAT: A remote access tool with dangerous consequences | MALWARE | RAT |
| 30.03.2024 | DinodasRAT | DinodasRAT Linux implant targeting entities worldwide | MALWARE | RAT |
| 27.03.2024 | Trochilus RAT | Trochilus is a C++ written RAT, which is available on GitHub. | MALWARE | RAT |
| 22.03.2024 | Revenge RAT | Revenge RAT via malicious PPAM in Latin America, Portugal and Spain | MALWARE | RAT |
| 22.03.2024 | AceCryptor | Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries | MALWARE | RAT |
| 20.03.2024 | NetSupportManager RAT | Enigma Software notes that NetSupport Manager is a genuine application, which was first released about twenty years ago. | MALWARE | RAT |
| 20.03.2024 | ROKRAT | APT37's ROKRAT HWP Object Linking and Embedding | MALWARE | RAT |
| 14.03.2024 | zgRAT | zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. | MALWARE | RAT |
| 14.03.2024 | CyberGate | According to Subex Secure, CyberGate is a Remote Access Trojan (RAT) that allows an attacker to gain unauthorized access to the victim’s system. | MALWARE | RAT |
| 13.03.2024 | STRRAT | STRRAT is a Java-based RAT, which makes extensive use of plugins to provide full remote access to an attacker, as well as credential stealing, key logging and additional plugins. | MALWARE | RAT |
| 07.03.2024 | WogRAT | AhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. | MALWARE | RAT |
| 07.03.2024 | SpyNote | The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code | MALWARE | RAT |
| 02.03.2024 | BIFROSE | The Art of Domain Deception: Bifrost's New Tactic to Deceive Users | MALWARE | RAT |
| 28.02.2024 | Nood RAT | Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant) | MALWARE | RAT |
| 27.02.2024 | Remcos RAT | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. | MALWARE | RAT |
| 27.02.2024 | DCRat | We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. | MALWARE | RAT |
| 22.02.2024 | KONNI | To Russia With Love: Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer | MALWARE | RAT |
| 12.02.2024 | Warzone RAT | The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. | MALWARE | RAT |
| 07.02.2024 | COATHANGER | Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed COATHANGER from an actor-controlled server that's designed to.. | MALWARE | RAT |
| 05.02.2024 | VajraSpy | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group | MALWARE | RAT |
| 29.01.2024 | AllaKore RAT | AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. | MALWARE | RAT |
| 29.01.2024 | RokRAT | It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. | MALWARE | RAT |
| 17.01.2024 | Remcos RAT | Remcos RAT Being Distributed via Webhards | MALWARE | RAT |
| 09.01.2024 | Silver RAT | A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT’S SYRIAN ROOTS | MALWARE | RAT |
| 09.01.2024 | Silver RAT | A GAMER TURNED MALWARE DEVELOPER : DIVING INTO SILVERRAT AND IT’S SYRIAN ROOTS | MALWARE | RAT |
| 05.01.2024 | Bandook RAT | Bandook - A Persistent Threat That Keeps Evolving | MALWARE | RAT |
| 05.01.2024 | Remcos RAT | Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion | MALWARE | RAT |
| 05.01.2024 | Bandook RAT | Bandook - A Persistent Threat That Keeps Evolving | MALWARE | RAT |
| 05.01.2024 | Remcos RAT | Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion | MALWARE | RAT |
| 29.12.2023 | SectopRAT | SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. Arechclient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities. | MALWARE | RAT |
| 29.12.2023 | FlawedGrace | According to ProofPoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT). It seems to have been developed in the second half of 2017 mainly. | MALWARE | RAT |
| 24.12.2023 | BazarNimrod | A rewrite of Bazarloader in the Nim programming language. | MALWARE | RAT |
| 14.12.2023 | DarkCrystalRAT | DCRat is a typical RAT that has been around since at least June 2019. | MALWARE | RAT |
| 07.12.2023 | Krasue | Curse of the Krasue: New Linux Remote Access Trojan targets Thailand | MALWARE | RAT |
| 01.12.2023 | SugarGh0st RAT | New SugarGh0st RAT targets Uzbekistan government and South Korea | MALWARE | RAT |
| 01.12.2023 | Ghost RAT | According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth. | MALWARE | RAT |
| 28.11.2023 | Tiger RAT | This is third stage backdoor mentioned in the Kaspersky blog, "Andariel evolves to target South Korea with ransomware". The third stage payload was created via the second stage payload, is interactively executed in the operation and exists in both x64 and x86 versions. | MALWARE | RAT |
| 25.11.2023 | Konni | Konni is a remote administration tool, observed in the wild since early 2014. | MALWARE | RAT |
| 20.11.2023 | Sayler RAT | New Java-Based Sayler RAT Targets Polish Speaking Users | MALWARE | RAT |
| 17.11.2023 | AveMaria | Information stealer which uses AutoIT for wrapping. | MALWARE | RAT |
| 16.11.2023 | SparkRAT | BlueShell malware used in APT attacks targeting Korea and Thailand | MALWARE | RAT |
| 09.11.2023 | Action RAT | Double Action, Triple Infection, and a New RAT: SideCopy’s Persistent Targeting of Indian Defence | MALWARE | RAT |
| 09.11.2023 | AllaKore | AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. It implements the RFB protocol which uses frame buffers and thus is able to send back only the changes of screen frames to the controller, speeding up the transport and visualization control. | MALWARE | RAT |
| 06.11.2023 | Google Calendar RAT | The Rising Threat of Covert Cyber Attacks through Google Calendar | MALWARE | RAT |
| 27.10.2023 | Python-based RAT | Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection | MALWARE | RAT |
| 27.10.2023 | Powershell-RAT | In this course, you will learn exfiltration over alternative protocol: exfiltration over unencrypted/obfuscated non-C2 protocol using Powershell RAT. | MALWARE | RAT |
| 20.10.2023 | RokRAT | It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. | MALWARE | RAT |
| 19.10.2023 | Venom RAT | VenomRAT - new, hackforums grade, reincarnation of QuassarRAT | MALWARE | RAT |
| 16.10.2023 | Hook | According to ThreatFabric, this is a malware family based on apk.ermac. The name hook is the self-advertised named by its vendor DukeEugene. | MALWARE | RAT |
| 14.10.2023 | ROMCOM RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. | MALWARE | RAT |
| 13.10.2023 | SeroXen RAT | Phylum Discovers SeroXen RAT in Typosquatted NuGet Package | MALWARE | RAT |
| 08.10.2023 | HyperBro | HyperBro is a RAT that has been observed to target primarily within the gambling industries, though it has been spotted in other places as well. | MALWARE | RAT |
| 05.10.2023 | DinodasRAT | DinodasRAT uses TEA to decrypt some of its strings, as well as to encrypt/decrypt data sent to, or received from, its C&C server. | MALWARE | RAT |
| 05.10.2023 | SeroXen | SeroXen is a fileless Remote Access Trojan (RAT) that excels in evading detection through both static and dynamic analysis methods | MALWARE | RAT |
| 30.09.2023 | ZenRAT | Proofpoint identified a new malware called ZenRAT being distributed via fake installation packages of the password manager Bitwarden. | MALWARE | RAT |
| 30.09.2023 | Gh0stCringe | Gh0stCringe RAT Being Distributed to Vulnerable Database Servers | MALWARE | RAT |
| 30.09.2023 | China Chopper | China Chopper is a Web Shell hosted on Web servers to provide access back into an enterprise network that does not rely on an infected system calling back to a remote command and control server. It has been used by several threat groups. | MALWARE | RAT |
| 22.09.2023 | Venom RAT | Attack Activities by Quasar Family | MALWARE | RAT |
| 20.09.2023 | ValleyRAT | In March 2023, Proofpoint identified a new malware we dubbed ValleyRAT. | MALWARE | RAT |
| 19.09.2023 | XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | MALWARE | RAT |
| 19.09.2023 | CapraRAT | According to PCrisk, CapraRAT is the name of an Android remote access trojan (RAT), possibly a modified version of another (open-source) RAT called AndroRAT. | MALWARE | RAT |
| 06.09.2023 | BlackRAT | Analysis of Andariel’s New Attack Activities | MALWARE | RAT |
| 06.09.2023 | GoatRAT | GoatRAT Attacks Automated Payment Systems | MALWARE | RAT |
| 02.09.2023 | NOVEL RAT | ANALYSIS OF NOVEL RAT DISCOVERED DUBBED “SUPERBEAR”. THE RAT HAS BEEN FOUND TARGETING JOURNALIST AND DEPLOYED USING OPEN-SOURCE AUTOIT SCRIPTS. | MALWARE | RAT |
| 25.08.2023 | CollectionRAT | Lazarus Group's infrastructure reuse leads to discovery of new malware | MALWARE | RAT |
| 25.08.2023 | QuiteRAT | QuiteRAT is a simple remote access trojan written with the help of Qt libraries. | MALWARE | RAT |
| 23.08.2023 | CraxsRAT | ‘Malware-as-a-service’ has been around for some time, however of late, it has become increasingly convenient for cybercriminals to kickstart their activities without having to learn malware development itself. | MALWARE | RAT |
| 23.08.2023 | CypherRat | The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code | MALWARE | RAT |
| 22.08.2023 | PlugX | RSA describes PlugX as a RAT (Remote Access Trojan) malware family that is around since 2008 and is used as a backdoor to control the victim's machine fully. | MALWARE | RAT |
| 21.08.2023 | HiatusRAT | In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. | MALWARE | RAT |
| 19.08.2023 | Gigabud RAT | Gigabud is the name of an Android Remote Access Trojan (RAT) Android that can record the victim's screen and steal banking credentials by abusing the Accessibility Service. | MALWARE | RAT |
| 14.08.2023 | QwixxRAT | A new threat has emerged in the realm of cybersecurity, referred to as QwixxRAT. Both businesses and individual users are at risk, as this Trojan silently infiltrates devices, casting a wide net of data extraction. | MALWARE | RAT |
| 14.08.2023 | JanelaRAT | According to Zscaler, JanelaRAT is a heavily modified variant of BX RAT. | MALWARE | RAT |
| 12.08.2023 | XWorm | Malware with wide range of capabilities ranging from RAT to ransomware. | MALWARE | RAT |
| 08.08.2023 | OpenBullet | Multiple malicious OpenBullet configuration files are being shared within these communities, resulting in the installation of a Remote Access Trojan (RAT) on the user’s machine. | MALWARE | RAT |
| 03.08.2023 | Phorpiex | Proofpoint describes Phorpiex/Trik as a SDBot fork (thus IRC-based) that has been used to distribute GandCrab, Pushdo, Pony, and coinminers. | MALWARE | RAT |
| 03.08.2023 | Ekipa RAT | Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT | MALWARE | RAT |
| 31.07.2023 | AVrecon | AVrecon is a Linux-based Remote Access Trojan (RAT) targeting small-office/home-office (SOHO) routers and other ARM-embedded devices. | MALWARE | RAT |
| 26.07.2023 | Pupy RAT | Pupy is the name of an open-source Remote Administration Trojan (RAT) written in Python. | MALWARE | RAT |
| 22.07.2023 | DarkComet | DarkComet is one of the most famous RATs, developed by Jean-Pierre Lesueur in 2008. | MALWARE | RAT |
| 22.07.2023 | HotRat | HotRat: The Risks of Illegal Software Downloads and Hidden AutoHotkey Script Within | MALWARE | RAT |
| 18.07.2023 | Deed RAT | Deed RAT, a piece of remote access trojan malware, has seen a resurgence in use over the recent weeks. | MALWARE | RAT |
| 14.07.2023 | Colour-Blind | Kroll has identified a fully featured information stealer and remote access tool (RAT) in the Python Package Index (PyPI) that it is calling “Colour-Blind”. | MALWARE | RAT |
| 11.07.2023 | Pandora RAT | Github Repository with source code for Pandora hVNC | MALWARE | RAT |
| 10.07.2023 | RomCom RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. | MALWARE | RAT |
| 07.07.2023 | FlawedGrace | According to ProofPoint, FlawedGrace is written in C++ and can be categorized as a Remote Access Trojan (RAT) | MALWARE | RAT |
| 07.07.2023 | ROMCOM RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. | MALWARE | RAT |
| 07.07.2023 | Venom RAT | VenomRAT - new, hackforums grade, reincarnation of QuassarRAT | MALWARE | RAT |
| 30.06.2023 | YamaBot | Lazarus and the tale of three RATs | MALWARE | RAT |
| 30.06.2023 | MagicRAT | Emulating the Highly Sophisticated North Korean Adversary Lazarus Group | MALWARE | RAT |
| 30.06.2023 | Dtrack | Dtrack is a Remote Administration Tool (RAT) developed by the Lazarus group. | MALWARE | RAT |
| 30.06.2023 | EarlyRat | Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022 | MALWARE | RAT |
| 30.06.2023 | SeroXen | This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. | MALWARE | RAT |
| 22.06.2023 | Snip3 | Zscaler ThreatLabz researchers observed multiple threat campaigns utilizing the Snip3 crypter, a multi-stage remote access trojan (RAT). | MALWARE | RAT |
| 13.06.2023 | VenomRAT | The first messages about VenomRAT started to appear in June 2020. | MALWARE | RAT |
| 13.06.2023 | DCRat | DCRat is a typical RAT that has been around since at least June 2019. | MALWARE | RAT |
| 31.05.2023 | RomCom RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. | MALWARE | RAT |
| 19.05.2023 | TurkoRat | ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected. | MALWARE | RAT |
| 18.05.2023 | SpyNote | Android Spyware is one of the most common kinds of malware used by attackers to gain access to personal data and carry out fraud operations. | MALWARE | RAT |
| 12.05.2023 | AllaKore | AllaKore is a simple Remote Access Tool written in Delphi, first observed in 2015 but still in early stages of development. | MALWARE | RAT |
| 12.05.2023 | Action RAT | Action RAT is a remote access tool written in Delphi that has been used by SideCopy since at least December 2021 against Indian and Afghani government personnel. | MALWARE | RAT |
| 06.05.2023 | goatRat | goatRat is the name of a remote access trojan (RAT) - a malicious app that allows attackers to take control of an Android device. | MALWARE | RAT |
| 05.05.2023 | Gravity RAT | GravityRAT malware takes your system's temperature | MALWARE | RAT |
| 05.05.2023 | RokRAT | It is a backdoor commonly distributed as an encoded binary file downloaded and decrypted by shellcode following the exploitation of weaponized documents. | MALWARE | RAT |
| 28.04.2023 | Bisonal | Targets of Interest - Russian Organizations Increasingly Under Attack By Chinese APTs | MALWARE | RAT |
| 28.04.2023 | LimeRAT | Simple yet powerful RAT for Windows machines. This project is simple and easy to understand, It should give you a general knowledge about dotNET malwares and how it behaves. | MALWARE | RAT |
| 26.04.2023 | JLORAT | MALWARE | RAT | |
| 26.04.2023 | Ave Maria | Information stealer which uses AutoIT for wrapping. | MALWARE | RAT |
| 20.04.2023 | RomCom RAT | Unit 42 observed threat actor Tropical Scorpius using this RAT in operations where also Cuba ransomware was deployed. | MALWARE | RAT |
| 14.04.2023 | CapraRAT | Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials | MALWARE | RAT |
| 14.04.2023 | BLINDINGCAN | According to SentinelOne, this RAT can gather and transmit a defined set of system features, create/terminate/manipulate processes and files, and has self-updating and deletion capability. | MALWARE | RAT |
| 08.04.2023 | Ekipa RAT | Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT | MALWARE | RAT |
| 08.04.2023 | ViperRat | ViperRAT is an active, advanced persistent threat (APT) that sophisticated threat actors are actively using to target and spy on the Israeli Defense Force. | MALWARE | RAT |
| 23.03.2023 | DOTRUNPEX | DEMYSTIFYING NEW VIRTUALIZED .NET INJECTOR USED IN THE WILD | MALWARE | RAT |
| 10.03.2023 | NetWire | Netwire is a RAT, its functionality seems focused on password stealing and keylogging, but includes remote control capabilities as well. | MALWARE | RAT |
| 10.03.2023 | Xenomorph | Xenomorph is a Android Banking RAT developed by the Hadoken.Security actor. | MALWARE | RAT |
| 07.03.2023 | CrimsonRat | CrimsonRAT is a remote access Trojan used to take remote control of infected systems and steal data. We know this particular RAT is used by the Transparent Tribe APT group. | MALWARE | RAT |
| 07.03.2023 | CapraRAT | Most likely active since July 2022, the campaign has distributed CapraRAT backdoors through at least two similar websites, while representing them as untainted versions of those secure messaging apps. | MALWARE | RAT |
| 06.03.2023 | ZuoRAT | According to Black Lotus Labs, ZuoRAT is a MIPS file compiled for SOHO routers that can enumerate a host and internal LAN, capture packets being transmitted over the infected device and perform person-in-the-middle attacks (DNS and HTTPS hijacking based on predefined rules). | MALWARE | RAT |
| 06.03.2023 | HiatusRAT | Just nine months after discovering ZuoRAT – a novel malware targeting small office/home office (SOHO) routers – Lumen Black Lotus Labs® | MALWARE | RAT |
| 02.03.2023 | HyperBro | HyperBro is a RAT that has been observed to target primarily within the gambling industries, though it has been spotted in other places as well. | MALWARE | RAT |
| 28.02.2023 | BitRAT | According to Bitdefender, BitRAT is a notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums. Its price tag of $20 for lifetime access makes it irresistible to cybercriminals and helps the malicious payload spread. | MALWARE | RAT |
| 27.02.2023 | PlugX | RSA describes PlugX as a RAT (Remote Access Trojan) malware family that is around since 2008 and is used as a backdoor to control the victim's machine fully. Once the device is infected, an attacker can remotely execute several kinds of commands on the affected system. | MALWARE | RAT |
| 23.02.2023 | Lilith RAT | New Ransomware Groups On The Rise: “RedAlert,” LILITH And 0mega Leading A Wave Of Ransomware Campaigns | MALWARE | RAT |
| 21.02.2023 | ReverseRAT | APT SideCopy Targeting Indian Government Entities - Analysis of the new version of ReverseRAT | MALWARE | RAT |
| 18.02.2023 | OxtaRAT | Operation Silent Watch: Desktop Surveillance in Azerbaijan and Armenia | MALWARE | RAT |
| 18.02.2023 | FatalRat | 'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks | MALWARE | RAT |
| 15.02.2023 | M2RAT | The RedEyes group is known to steal personal PC information as well as mobile phone data targeting specific individuals, not companies. The main characteristics of this RedEyes group attack case are the use of the Hangul EPS vulnerability and the spread of malicious code using the steganography technique. | MALWARE | RAT |
| 11.02.2023 | Ghost RAT | According to Security Ninja, Gh0st RAT (Remote Access Terminal) is a trojan “Remote Access Tool” used on Windows platforms, and has been used to hack into some of the most sensitive computer networks on Earth. | MALWARE | RAT |
| 11.02.2023 | CloudEyE | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | MALWARE | RAT |
| 08.02.2023 | Remcos | Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers. | MALWARE | RAT |
| 28.01.2023 | Orcus RAT | Orcus has been advertised as a Remote Administration Tool (RAT) since early 2016. It has all the features that would be expected from a RAT and probably more. | MALWARE | RAT |
| 28.01.2023 | SparkRAT | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation | MALWARE | RAT |
| 28.01.2023 | CageyChameleon | CageyChameleon Malware is a VBS-based backdoor which has the capability to enumerate the list of running processes and check for the presence of several antivirus products. CageyChameleon will collect user host information, system current process information, etc. The collected information is sent back to the C2 server, and continue to initiate requests to perform subsequent operations. | MALWARE | RAT |
| 27.01.2023 | StrifeWater | StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations | MALWARE | RAT |
| 27.01.2023 | PY#RATION | According to Securonix, this malware exhibits remote access trojan (RAT) behavior, allowing for control of and persistence on the affected host. | MALWARE | RAT |
| 20.01.2023 | NjRAT | We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa. | MALWARE | RAT |
| 14.01.2023 | STRRAT | Let’s take a look at a recent sample of the Java-based malware known as STRRAT. | MALWARE | RAT |
| 09.01.2023 | BitRAT | A new malware campaign has been observed using sensitive information stolen from a bank as a lure in phishing emails to drop a remote access trojan called BitRAT. | MALWARE | RAT |
| 28.06.2022 | ZuoRAT | A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. | MALWARE | RAT |
| 25.06.2022 | StrifeWater RAT | Following recently published research detailing the group’s TTPs including their main tools “PyDcrypt” and “DCSrv”, the Cybereason Nocturnus team discovered a previously unidentified Remote Access Trojan (RAT) in the Moses Staff arsenal dubbed StrifeWater. | MALWARE | RAT |
| 14.06.2022 | Warzone RAT | Warzone aims to be the Remote Access Trojan (RAT) of choice for aspiring miscreants on a budget. It is sold on a publicly available website as opposed to on the dark web, as a Malware-as-a-Service (MaaS) subscription-based platform. | MALWARE | RAT |
| 14.06.2022 | Arkei | Arkei Infostealer Expands Reach Using SmokeLoader to Target Crypto Wallets and MFA | MALWARE | RAT |
| 14.06.2022 | PureCrypter | PureCrypter has been growing in popularity with a number of information stealers and remote access trojans (RATs) being deployed by it. ThreatLabz has observed PureCrypter being used to distribute the following malware families: | MALWARE | RAT |
| 12.05.2022 | Bitter APT | MALWARE | RAT | |
| 12.05.2022 | Nerbian RAT | The newly identified Nerbian RAT leverages multiple anti-analysis components spread across several stages, including multiple open-source libraries. It is written in operating system (OS) agnostic Go programming language, compiled for 64-bit systems, and leverages several encryption routines to further evade network analysis. | MALWARE | RAT |
| 10.05.2022 | DarkCrystal RAT | DCRat (also known as DarkCrystal RAT) is a commercial Russian backdoor that was first released in 2018, before being redesigned and relaunched a year later. Notably, this threat appears to have been developed and maintained by a single person going by the pseudonyms of “boldenis44,” “crystalcoder,” and Кодер (“Coder”). | MALWARE | RAT |
| 08.05.2022 | NanoCore | Nanocore is a Remote Access Tool used to steal credentials and to spy on cameras. It as been used for a while by numerous criminal actors as well as by nation state threat actors. | MALWARE | RAT |
| 08.05.2022 | Remcos | Remcos (acronym of Remote Control & Surveillance Software) is a Remote Access Software used to remotely control computers.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. | MALWARE | RAT |
| 02.04.2022 | Gh0st RAT | MALWARE | RAT | |
| 02.04.2022 | ObliqueRAT | MALWARE | RAT | |
| 02.04.2022 | CapraRAT | MALWARE | RAT | |
| 28.03.2022 | FatalRat | MALWARE | RAT |