Orcus RAT

Orcus RAT is a remote access trojan. Cisco Talos researchers discovered malware distribution campaigns that use both this RAT and Revenge RAT and target organizations including government entities, financial services organizations, information technology service providers and consultancies. Orcus RAT has a modular architecture for better management and scalability, and it can load custom plugins. Threat actors use dynamic DNS (DDNS) to conceal their command-and-control (C2) servers and point the DDNS to the Portmap service to provide an additional layer of infrastructure obfuscation.

Technical Details

  • Bleeping Computer provides technical analysis on the Orcus RAT, available here.

  • Palo Alto Networks provides more information, available here.