Revenge RAT

Revenge RAT is a remote access trojan discovered by Cisco Talos researchers in malware distribution campaigns that used both this RAT and Orcus RAT to target organizations including government entities, financial services organizations, information technology service providers and consultancies. It can open remote shells and lets threat actors manage file systems, processes, the registry, and services, as well as log keystrokes, dump victims’ passwords, and access the webcam. Threat actors use DDNS to conceal their C2 servers and point the DDNS to the Portmap service to provide an additional layer of infrastructure obfuscation.

Technical Details

  • Bleeping Computer provides a technical analysis of Revenge RAT, available here.