RAT Archives - /dev/random

[SANS ISC] From a Zalando Phishing to a RAT

August 18, 2023 Malware, SANS Internet Storm Center, Security Leave a comment

Today, I published the following diary on isc.sans.edu: “From a Zalando Phishing to a RAT“: Phishing remains a lucrative threat. We get daily emails from well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German

[SANS ISC] Remcos RAT Delivered Through Double Compressed Archive

February 18, 2022 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “Remcos RAT Delivered Through Double Compressed Archive“: One of our readers shared an interesting sample received via email. Like him, if you get access to interesting/suspicious data, please share it with us (if you’re authorized of course). We are always looking for fresh

[SANS ISC] CinaRAT Delivered Through HTML ID Attributes

February 11, 2022 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “CinaRAT Delivered Through HTML ID Attributes“: A few days ago, I wrote a diary about a malicious ISO file being dropped via a simple HTML file. I found another sample that again drops a malicious ISO file but this time, it is much

[SANS ISC] No Python Interpreter? This Simple RAT Installs Its Own Copy

April 9, 2021 Malware, Python, SANS Internet Storm Center, Security One comment

I published the following diary on isc.sans.edu: “No Python Interpreter? This Simple RAT Installs Its Own Copy“: For a while, I’m keeping an eye on malicious Python code targeting Windows environments. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default

[SANS ISC] From VBS, PowerShell, C Sharp, Process Hollowing to RAT

March 4, 2021 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “From VBS, PowerShell, C Sharp, Process Hollowing to RAT“: VBS files are interesting to deliver malicious content to a victim’s computer because they look like simple text files. I found an interesting sample that behaves like a dropper. But it looks also like Russian

[SANS ISC] Nicely Obfuscated Python RAT

October 15, 2020 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “Nicely Obfuscated Python RAT“: While hunting, I found an interesting Python script. It matched one of my YARA rules due to the interesting list of imports but the content itself was nicely obfuscated. The script SHA256 hash is c5c8b428060bcacf2f654d1b4d9d062dfeb98294cad4e12204ee4aa6e2c93a0b and the current VT score

[SANS ISC] Microsoft Publisher Files Delivering Malware

August 24, 2018 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.org: “Microsoft Publisher Files Delivering Malware“: Attackers are always searching for new ways to deliver malicious content to their victims. A few days ago, Microsoft Publisher malicious files were spotted by security researchers[1]. Publisher is a low-level desktop publishing application offered by Microsoft in