Verticals Targeted: Healthcare, Pharmaceutical
Regions Targeted: Language based targeting of Czech, Hindi, Indonesian, Italian, Portuguese, Turkish
Related Families: Rhadamanthys, Lumma
ResolverRAT Targets Healthcare Sector
Apr 28, 2025 1:19:17 PM / by The Hivemind posted in Threat Bulletin, Healthcare, RAT, Emerging Threat, ResolverRAT
StilachiRAT
Mar 24, 2025 11:54:35 AM / by The Hivemind posted in Threat Bulletin, Backdoor, Cryptocurrency, RAT, Emerging Threat, StilachiRAT
Executive Summary
StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.
SystemBC Now Targeting Linux
Feb 18, 2025 2:05:57 PM / by The Hivemind posted in Threat Bulletin, Linux, RAT, SystemBC, Evolving Threat
Related Families: RIG, Fallout EK
Executive Summary
SystemBC, a RAT that previously only targeted Windows systems was recently observed targeting Linux.
HZ Rat MacOS Variant
Sep 13, 2024 2:19:08 PM / by The Hivemind posted in Threat Bulletin, Backdoor, RAT, MacOS, HZ Rat
Executive Summary
A MacOS variant of HZ Rat was recently discovered targeting messaging apps in China. HZ Rat is a basic backdoor, and shell commands received from the C2 provide additional functionality.
DevPopper Campaign Targets Software Developers
Aug 26, 2024 1:38:47 PM / by The Hivemind posted in Threat Bulletin, North Korea, RAT, DevPopper
Verticals Targeted: Software Development
Executive Summary
An ongoing social engineering campaign was observed targeting software developers. The threat actors use fake interviews to deliver a Python-based RAT, known as DevPopper.
DISGOMOJI Linux RAT Controlled Via Discord Emojis
Jun 24, 2024 3:02:07 PM / by The Hivemind posted in Threat Bulletin, Espionage, India, Pakistan, Government, RAT, Discord, DISGOMOJI
Verticals Targeted: Government
Executive Summary
DISGOMOJI is a RAT controlled via emojis sent over Discord. It was recently observed targeting government entities in India.
Executive Summary
XWorm is a .NET based, modular, multi-purpose malware family most often used as a RAT. CERT Polska analyzed an Xworm sample distributed via malspam containing an .lzh file.
Qakbot Threat Actors Distributing Ransom Knight And Remcos
Oct 20, 2023 4:30:11 PM / by PolySwarm Tech Team posted in Threat Bulletin, Qbot, RAT, Remcos RAT, Ransom Knight, Qakbot
Executive Summary
Threat actors affiliated with Qakbot were observed distributing Ransom Knight ransomware and Remcos RAT.