Abaddon: Discord as a C2

At the time of writing, Abaddon might be the first RAT using Discord as a C2 to carry out attacks and execute commands on infected machines. While this might not be a big threat to companies (assuming that you already blacklisted any Discord domains since it doesn’t make any sense…

Quasar: open source RAT

Managed Defense analysts were the first to analyse a variant of Quasar RAT specific to threat group APT10 (Red Apollo), a Chinese cyber-espionage group. Quasar RAT is a publicly available remote access trojan: a fully functional .NET backdoor that is freely available on GitHub. Some of the malware’…

Agent Tesla: triple encrypted payload

Agent Tesla is a spyware, keylogger and information-stealer Trojan written in C# that has been active since 2014 as a MaaS (Malware as a Service). It is commonly distributed via email, where the attacker intends to lure the victim into opening the attachment. Once macros have been enabled, the malware will simply…