Famous Chollima’s PylangGhost
Jun 23, 2025 2:25:38 PM / by The Hivemind posted in Blockchain, Threat Bulletin, North Korea, India, Malware, Python, Cryptocurrency, RAT, PylangGhost, GolangGhost, Famous Chollima
Verticals Targeted: Cryptocurrency
Regions Targeted: India
Related Families: GolangGhost
ResolverRAT Targets Healthcare Sector
Apr 28, 2025 1:19:17 PM / by The Hivemind posted in Threat Bulletin, Healthcare, RAT, Emerging Threat, ResolverRAT
Verticals Targeted: Healthcare, Pharmaceutical
Regions Targeted: Language-based targeting of Czech, Hindi, Indonesian, Italian, Portuguese, Turkish
Related Families: Rhadamanthys, Lumma
Executive Summary
ResolverRAT is a sophisticated remote access trojan (RAT) targeting the healthcare and pharmaceutical sectors globally. Deployed via localized phishing campaigns, this previously undocumented malware employs advanced in-memory execution and evasion techniques to steal sensitive data.
StilachiRAT
Mar 24, 2025 11:54:35 AM / by The Hivemind posted in Threat Bulletin, Backdoor, Cryptocurrency, RAT, Emerging Threat, StilachiRAT
Executive Summary
StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.
SystemBC Now Targeting Linux
Feb 18, 2025 2:05:57 PM / by The Hivemind posted in Threat Bulletin, Linux, RAT, SystemBC, Evolving Threat
Related Families: RIG, Fallout EK
Executive Summary
SystemBC, a RAT that previously only targeted Windows systems, was recently observed targeting Linux.
HZ Rat MacOS Variant
Sep 13, 2024 2:19:08 PM / by The Hivemind posted in Threat Bulletin, Backdoor, RAT, MacOS, HZ Rat
Executive Summary
A MacOS variant of HZ Rat was recently discovered targeting messaging apps in China. HZ Rat is a basic backdoor, and shell commands received from the C2 provide additional functionality.
DevPopper Campaign Targets Software Developers
Aug 26, 2024 1:38:47 PM / by The Hivemind posted in Threat Bulletin, North Korea, RAT, DevPopper
Verticals Targeted: Software Development
Executive Summary
An ongoing social engineering campaign was observed targeting software developers. The threat actors use fake interviews to deliver a Python-based RAT, known as DevPopper.
DISGOMOJI Linux RAT Controlled Via Discord Emojis
Jun 24, 2024 3:02:07 PM / by The Hivemind posted in Threat Bulletin, Espionage, India, Pakistan, Government, RAT, Discord, DISGOMOJI
Verticals Targeted: Government