https://github.com/alphaSeclab/awesome-rat

RAT And C&C Resources. 250+ Open Source Projects, 1200+ RAT/C&C blog/video.

List: awesome-rat

c2 command-and-control command-control malware-analysis rat rat-analysis rat-malware remote-access-tool remote-administration-tool

# [All Collection Projects](https://github.com/alphaSeclab/all-my-collection-repos)

# RAT

- 250+ open-source RAT/C&C tools, 1200+ RAT analysis reports, C&C-related articles, etc.
- [English Version](https://github.com/alphaSeclab/awesome-rat/blob/master/Readme_en.md)

# Table of Contents
- [Open Source Tools](#39bad1d60c8fbb697fd8701ffafc50a6)
    - [pupy](#98000cf45f63bf295d39e9255d7972ca) -> [(1) Tools](#ff6ee8128d4f01f80c3f2bb522f0d5e9) [(6) Articles](#4f5ffa16436730588e8d009febe1bd5c)
    - [Covenant](#1acc99cd2330bc55f1dffecfa75b9c7d) -> [(3) Tools](#05d2a0aed9499aea447e90668c8d5103) [(18) Articles](#81af73c48e520a45619cbf7769cc64b5)
    - [Slackor](#cf120400afb57c2af9b8da037b3b7c3b) -> [(1) Tools](#280aaf2c1b0f44b6f5ec7095d7b35578) [(3) Articles](#8adba68f714e281a3bb7faa2c3661d1b)
    - [QuasarRAT](#05df4f3dd6438b6f6d67f56a8b6e40f3) -> [(1) Tools](#c2df559aa60f8bfd5da4d9fc7c0ea0d2) [(9) Articles](#36c965d7808be2799f70e4d910a17abd)
    - [EvilOSX](#380ea0abfdbf07624ebf45681b773e54) -> [(1) Tools](#a69f3baa491547ddf6a628cda168b492) [(9) Articles](#375dc16ed1cf6be4274da55140784610)
    - [Merlin](#42a4a0bcb02fcb7a30fe7e42b7a9cdb5) -> [(1) Tools](#941bae92e80ca3f9c21a232cc959eb67) [(3) Articles](#5b3a7a286bac53bf26395ea5ffb6c590)
- [Commercial Software](#f1821c037c77e23ca5c2552477708930)
    - [Team Viewer](#db69305116cf91a4e67b4c75465dfe3e) -> [(7) Tools](#d42849969f2b53c898f0b6e710dc3027) [(34) Articles](#eed97a5a9b2346759fb7bb30c5a98bbe)
- [Malware (Partial)](#f6f85e2d4f8e5442884f4d9b6e56ca42)
    - [Gh0st](#74d9131b5ad95c569c0afb9ee5a3c9b9) -> [(5) Tools](#dcb10cc6813a25815201b36bacdef198) [(23) Articles](#683b7000242336c05ea278c9ad3d7e5e)
    - [NanoCore](#81308c6923f66db886efe8ae967c2845) -> [(1) Tools](#c84aebee516fbf526701102cfa6d0a98) [(32) Articles](#6df7f0da7bb260a54405579912678c0d)
    - [NjRat](#31bd9e6c54fdd9a00a45542e53abc13b) -> [(4) Tools](#ff7bcb6c765cb73cfadda9f06deda668) [(20) Articles](#de09011e16164e950d653756212219ac)
    - [Revenge RAT](#db2bbd5298638952f34060e4f8ee0053) -> [(1) Tools](#cef60ee76daa3240e95bbf82f2994848) [(9) Articles](#2dd3016da115b16c9de264b885105eff)
    - [PlugX](#37466b42f2f777fa5a6400d78931995c) -> [(1) Tools](#03b501e2e5da59c3c97027775e6a93b7) [(40) Articles](#17ca6dd6130c10b726039472c20bb093)
    - [(25) RemcosRAT](#ee2e3505664b3a7d26842b0278ccce23)
    - [(3) L0rdixRAT](#3f113acb3b6863c4ec5cbe04ce69f841)
    - [(1) LodaRAT](#07522f33ae58f9d0de0bdc202f6aa1aa)
    - [(9) GulfRAT](#e8fa6ccd3f727add34525951a81fd493)
    - [(14) NetWireRAT](#57ea699dadcafe202a31772c837f9b7f)
    - [(1) JhoneRAT](#20cd83aa4b202931ed4597c506d61257)
    - [(2) Dacls](#2da027a7cc244e466f914c996623d114)
    - [(1) BlackRemote](#8bfe869e8aca6fa9e7d2d5b0353c0dc2)
    - [(17) Orcus](#9ac323d054e6f52e9a92e449b51e75e6)
    - [(1) NukeSped](#8038672c0b8ef4b0b82afdeae025b38c)
    - [(21) DarkComet](#11b35c707990ed436d23cc7495713177)
    - [(1) WarZone RAT](#5af0edca5a51bdd5fd8f8d37b08218c8)
    - [(16) BlackShades](#84187b0e75ca2a5a844f0367bf6d3c6b)
    - [(1) DenesRAT](#36531e67f10ecd7114880530e5e46e95)
    - [(4) WSH RAT](#660f78a639f351f8404accad8c711ca4)
    - [(2) Qrypter RAT](#319dcbdac181398a9b2ba7f5424a3e04)
    - [(20) Adwind](#eb6a3a9a179678734be43ea1eb26f1c3)
    - [(1) CannibalRAT](#eb3c9f8af4ebe91aca4649718ff595c2)
    - [(3) jRAT](#5fe739ee0e8778979807558ccd439b07)
    - [(5) jsRAT](#b62c18c1b4fc6d5b52ca826b36cf0819)
    - [(4) CrossRat](#8d0732c4a6cf2393c0ff4e6cfe54f50f)
    - [(1) ArmaRat](#bb9ad532c3a3c9235157325236380a96)
    - [(6) RokRAT](#504b8511fe74ddb142775e007fa509f8)
    - [(1) CatKARAT](#ec8fe0e42f60749c29b75ed6708a5323)
    - [(5) TheFatRat](#c3abd29c4145412f661b02b37347e70b)
    - [(2) OmniRAT](#f1e2e824425e798bf4e410e4496181ed)
    - [(6) LuminosityLink](#bea46716ccf78713fbb9764999968e72)
    - [(477) Other](#6e0343d40b9606a34ad2ff311d0d259a)
- [Using Public Services](#e80bdc9447f3cdc9416282b598b14cf7)
    - [Telegram](#17b978a5c371699ccd9a5687ae3f3949) -> [(3) Tools](#492b34c27ab06b3696c0464465b74eec) [(2) Articles](#06365f440cb6fa3e0daf933cb0874c8b)
    - [Twitter](#a6303482a58e0d14bb8ce1849817ab5a) -> [(2) Tools](#ae91172321950c1296375e9c9059d773) [(6) Articles](#f6f5e4da48152e5b0bc45608a3f9a656)
    - [GMail](#d2041a55efcfc29ca6a257916255b43b) -> [(3) Tools](#be2346c808f9813f13da3526576e1839) [(8) Articles](#4b9fa06652be565e5e53db0b094bfb80)
    - [Github](#b37bc6073be9a78ed6dbd0d21251fc63) -> [(1) Tools](#842ef8261474bd529ac72c43dcf9c1fa) [(5) Articles](#d46b05d91c64bed9533dd00ba8eac513)
    - [DropBox](#618ec29a95a1f90a2696490d1f1afb2f) -> [(1) Tools](#a6091cce89af46f8e9deb0efe0a378cc) [(3) Articles](#59b97649c4ed0a852859d07d2e640c45)
    - [Blockchain](#2b58c60ed7c7920f03979756f6f72fcc) -> [(2) Tools](#920d0c6167385c71e171ccbe71397f7a) [(1) Articles](#3d26ec5c4c50edaaf343903e5fb182c2)
    - [Other](#1e53961ca8fc592a588e18a5f1519078) -> [(15) Tools](#77cdae7f8911e93ff055f270ef9bf562) [(5) Articles](#8842ea68ff727ac4d5d970405f152161)
- [Communication Protocols](#9f6f77f1fcf614c9738dfeac9cc5d1d3)
    - [DNS Protocol](#7485e724ef5efd1daf9d672bd72fb595)
        - [(9) Tools](#d70a62f77fa20a2219e81fa61527e644)
        - [(18) Articles](#fa377fafdbd3ef80574411ef3a54c693)
    - [Domain Generation Algorithm(DGA)](#41df71c75c08038e17e5526fe0afceb5) -> [(14) Tools](#a2e73ce71da73fb1b4ab8cb52449d839) [(42) Articles](#7c21e329221f50f2b9c1918ab01c26fd)
    - [ICMP](#867ed7efa4643442ef6859571db8a587) -> [(5) Articles](#aa2a205557d269a563191e7fc7f7eb0a)
    - [WebSocket](#fe3abb0c040999744a648ed68780835c) -> [(2) Tools](#097f22edaf98529c95353d8edef562b7) [(5) Articles](#f2f397345d35d2cc574a4689ad4c8293)
- [C&C](#1c28538afe533f545b540cbd78637241)
    - [Cobalt Strike](#e8d16b3301a2ab9109b503b89ec6eece) -> [(14) Tools](#f587c1f0baaf7aa1d9e9c5fe533c7a6d) [(8) Articles](#249b843c26732ce792d7448c2601f595)
    - [Tools](#ec8ac76dec379ff452f681a4504444b8)
        - [(64) Recently Added](#dbd38a8d8a1e246cd8628a34002c5fe7)
    - [Articles](#307c055d7414abc9ab9f2fb4e85456e1)
        - [(258) Recently Added](#dc96281ca669ac06c3d7d134c7f90643)
- [Remote Control](#b318465d0d415e35fc0883e9894261d1)
    - [Tools](#9e3a9beb5ecf36b9624525bc3cfef78a)
        - [(9) Android](#6ed48c90d1bd6a31a4ea7380f4f5768a)
        - [(5) Linux](#fa50a59bde92471d60f030ea12817540)
        - [(17) Windows](#1da695fd3dec80b88aadb1b7c724330f)
        - [(4) Apple](#674863bb36ce7a2f814934480c7fd3d2)
        - [(90) Recently Added](#964a3580a7a7f66571ee1d2c0f34f2d6)
    - [Articles](#39ccec75049c60fa1d5dd46fea812331)

# Open Source Tools

***

## pupy

### Tools

- [**5265** stars][1m] [Py] [n1nj4sec/pupy](https://github.com/n1nj4sec/pupy) A remote administration and post-exploitation tool written in Python, cross-platform (Windows, Linux, OSX, Android)

### Articles

- 2020.01 [TheCyberWire] [PupyRAT is back. So is the Konni Group. Twitter storm over claims that MBS hacked Jeff Bezos....](https://www.youtube.com/watch?v=q_zqp7BTVyU)
- 2019.03 [hackingarticles] [Command & Control Tool: Pupy](https://www.hackingarticles.in/command-control-tool-pupy/)
- 2017.11 [chokepoint] [Pupy as a Metasploit Payload](http://www.chokepoint.net/2017/11/pupy-as-metasploit-payload.html)
- 2017.10 [boredhackerblog] [Pupy shell over Tor](http://www.boredhackerblog.info/2017/10/pupy-shell-over-tor.html)
- 2017.02 [n0where] [Open Source Cross Platform RAT: Pupy](https://n0where.net/open-source-cross-platform-rat-pupy)
- 2015.10 [hackingarticles] [Hack Remote PC using Pupy – Remote Administration Tool](http://www.hackingarticles.in/hack-remote-pc-using-pupy-remote-administration-tool/)

***

## Covenant

### Tools

- [**1147** stars][6d] [C#] [cobbr/covenant](https://github.com/cobbr/covenant) Covenant is a collaborative .NET C2 framework for red teamers.
- [**95** stars][9d] [C#] [cobbr/elite](https://github.com/cobbr/elite) Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers.
- [**31** stars][4m] [C#] [cobbr/c2bridge](https://github.com/cobbr/c2bridge) C2Bridges allow developers to create new custom communication protocols and quickly utilize them within Covenant.

### Articles

- 2020.01 [csis] [Embedding external DLLs into Covenant Tasks](https://medium.com/p/de443c4a2b84)
- 2020.01 [hakin9] [Covenant the .NET based C2 on Kali Linux | by Dan Dieterle](https://hakin9.org/covenant-the-net-based-c2-on-kali-linux/)
- 2019.12 [cyberarms] [Covenant the .NET based C2 on Kali Linux](https://cyberarms.wordpress.com/2019/12/30/covenant-the-net-based-c2-on-kali-linux/)
- 2019.12 [rastamouse] [Covenant Tasks 101](https://rastamouse.me/2019/12/covenant-tasks-101/)
- 2019.12 [rsa] [Using RSA NetWitness to Detect C&C: Covenant](https://community.rsa.com/community/products/netwitness/blog/2019/12/20/using-rsa-netwitness-to-detect-cc-covenant)
- 2019.11 [4hou] [Covenant Usage Analysis](https://www.4hou.com/technology/21328.html)
- 2019.11 [3gstudent] [Covenant Usage Analysis](https://3gstudent.github.io/3gstudent.github.io/Covenant%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/)
- 2019.10 [cobbr] [Covenant: Developing Custom C2 Communication Protocols](https://cobbr.io/Covenant-Developing-Custom-C2-Protocols.html)
- 2019.10 [specterops] [Covenant: Developing Custom C2 Communication Protocols](https://medium.com/p/895587e7f325)
- 2019.09 [freebuf] [Covenant: A .NET Command and Control Framework Designed for Red Teams](https://www.freebuf.com/articles/system/213672.html)
- 2019.09 [stealthbits] [Setup, Configuration, and Task Execution with Covenant: The Complete Guide](https://blog.stealthbits.com/setup-configuration-and-task-execution-with-covenant-the-complete-guide/)
- 2019.08 [stealthbits] [Next-Gen Open Source C2 Frameworks in a Post PSEmpire World: Covenant](https://blog.stealthbits.com/next-gen-open-source-c2-frameworks/)
- 2019.08 [rastamouse] [Covenant, Donut, TikiTorch](https://rastamouse.me/2019/08/covenant-donut-tikitorch/)
- 2019.08 [cobbr] [Covenant: The Usability Update](https://cobbr.io/Covenant-The-Usability-Update.html)
- 2019.08 [specterops] [Covenant: The Usability Update](https://medium.com/p/9a7a596a4772)
- 2019.02 [cobbr] [Entering a Covenant: .NET Command and Control](https://cobbr.io/Covenant.html)
- 2019.02 [rvrsh3ll] [Entering a Covenant: .NET Command and Control](https://posts.specterops.io/entering-a-covenant-net-command-and-control-e11038bcf462)
- 2019.01 [specterops] [Entering a Covenant: .NET Command and Control](https://medium.com/p/e11038bcf462)

***

## Slackor

### Tools

- [**332** stars][12d] [Py] [coalfire-research/slackor](https://github.com/coalfire-research/slackor) A Golang implant that uses Slack as a command and control server

### Articles

- 2019.09 [freebuf] [Slackor: A C&C Server Written in Go](https://www.freebuf.com/sectool/212690.html)
- 2019.08 [freebuf] [Slackor: How to Use Slack as Your Command and Control Server](https://www.freebuf.com/articles/network/209252.html)
- 2019.06 [n00py] [Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel](https://www.n00py.io/2019/06/introducing-slackor-a-remote-access-tool-using-slack-as-a-c2-channel/)

***

## QuasarRAT

### Tools

- [**2932** stars][10m] [C#] [quasar/quasarrat](https://github.com/quasar/quasarrat) Remote Administration Tool for Windows

### Articles

- 2019.10 [UltraHacks] [QuasarRAT [Free Download] | [TUTORIAL VIDEO] | Ultra Hacks](https://www.youtube.com/watch?v=0pyPk26lNiE)
- 2018.09 [malwarebytes] [Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT](https://blog.malwarebytes.com/threat-analysis/2018/09/buggy-implementation-of-cve-2018-8373-used-to-deliver-quasar-rat/)
- 2018.03 [4hou] [In-Depth Analysis of Malicious RTF Documents That Use Macro Code to Spread NetwiredRC and Quasar RAT](http://www.4hou.com/web/10909.html)
- 2018.01 [paloaltonetworks] [VERMIN: Quasar RAT and Custom Malware Used I](https://unit42.paloaltonetworks.com/unit42-vermin-quasar-rat-custom-malware-used-ukraine/)
- 2017.12 [HackerSploit] [QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows](https://www.youtube.com/watch?v=kyueZUfSWO4)
- 2017.11 [n0where] [Free, Open-Source Remote Administration Tool for Windows: QuasarRAT](https://n0where.net/free-open-source-remote-administration-tool-for-windows-quasarrat)
- 2017.10 [TechnoHacker] [Quasar RAT review](https://www.youtube.com/watch?v=fS9OTERI3hg)
- 2017.10 [rsa] [MalSpam Delivers RAT SpyWare Quasar 9-27-2017](https://community.rsa.com/community/products/netwitness/blog/2017/10/02/malspam-delivers-rat-spyware-quasar-9-27-2017)
- 2017.01 [paloaltonetworks] [Downeks and Quasar RAT Used in Recent Targeted Attacks Against Go](https://unit42.paloaltonetworks.com/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/)

***

## EvilOSX

### Tools

- [**1376** stars][2y] [Py] [marten4n6/evilosx](https://github.com/marten4n6/evilosx) An evil RAT (Remote Administration Tool) for macOS / OS X.

### Articles

- 2019.07 [hackingarticles] [EvilOSX-RAT for MacOS/OSX](https://www.hackingarticles.in/evilosx-rat-for-macos-osx/)
- 2019.06 [NullByte] [Take Control Over MacOS Computers with EvilOSX [Tutorial]](https://www.youtube.com/watch?v=qxymLHGnCo4)
- 2018.08 [freebuf] [EvilOSX: A Powerful macOS Remote Administration Tool (RAT)](http://www.freebuf.com/sectool/180668.html)
- 2018.07 [pentesttoolz] [EvilOSX – Evil Remote Administration Tool (RAT) for macOS/OS X – Kali Linux 2018.2](https://pentesttoolz.com/2018/07/04/evilosx-evil-remote-administration-tool-rat-for-macos-os-x-kali-linux-2018-2/)
- 2018.06 [n0where] [Pure python post-exploitation RAT for macOS & OSX: EvilOSX](https://n0where.net/pure-python-post-exploitation-rat-for-macos-osx-evilosx)
- 2018.03 [applehelpwriter] [defending against EvilOSX, a python RAT with a twist in its tail](http://applehelpwriter.com/2018/03/09/defending-against-evilosx-a-python-rat-with-a-twist-in-its-tail/)
- 2018.03 [binarydefense] [EvilOSX - Binary Defense](https://www.binarydefense.com/evilosx/)
- 2018.03 [binarydefense] [EvilOSX](https://blog.binarydefense.com/evilosx)
- 2017.11 [NullByte] [EvilOSX RAT - How to build a payload and start a server](https://www.youtube.com/watch?v=csqnJUxrpOw)

***

## Merlin

### Tools

- [**2568** stars][6m] [Go] [ne0nd0g/merlin](https://github.com/ne0nd0g/merlin) Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.

### Articles

- 2019.03 [hackingarticles] [Command and Control Guide to Merlin](https://www.hackingarticles.in/command-and-control-guide-to-merlin/)
- 2018.02 [lockboxx] [Merlin for Red Teams](https://lockboxx.blogspot.com/2018/02/merlin-for-red-teams.html)
- 2017.12 [n0where] [Cross-Platform Post-Exploitation HTTP/2 Command & Control Server: Merlin](https://n0where.net/cross-platform-post-exploitation-http-2-command-control-server-merlin)

# Commercial Software

***

## Team Viewer

### Tools

- [**405** stars][2y] [C++] [vah13/extracttvpasswords](https://github.com/vah13/extracttvpasswords) tool to extract passwords from TeamViewer memory using Frida
- [**277** stars][2y] [C++] [gellin/teamviewer_permissions_hook_v1](https://github.com/gellin/teamviewer_permissions_hook_v1) A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
- [**175** stars][9d] [uknowsec/sharpdecryptpwd](https://github.com/uknowsec/sharpdecryptpwd) Parses the saved passwords of some programs on Windows systems, including Navicat, TeamViewer, FileZilla, WinSCP, and the Xmanager product family (Xshell, Xftp).
- [**59** stars][2y] [Py] [attackercan/teamviewer-dumper](https://github.com/attackercan/teamviewer-dumper) Dumps the TeamViewer ID and password from memory
- [**42** stars][6d] [C#] [v1v1/decryptteamviewer](https://github.com/v1v1/decryptteamviewer) Enumerate and decrypt TeamViewer credentials from Windows registry
- [**36** stars][5y] [C++] [kkar/teamviewer-dumper-in-cpp](https://github.com/kkar/teamviewer-dumper-in-cpp) Dumps TeamViewer ID,Password and account settings from a running TeamViewer instance by enumerating child windows.
- [**25** stars][5m] [C++] [dydtjr1128/remoteassistance-cpp](https://github.com/dydtjr1128/remoteassistance-cpp) [WIP]RemoteAssistance like TeamViewer(C++)

### Articles

- 2020.02 [yoroi] [Importante Vulnerabilità su TeamViewer](https://blog.yoroi.company/warning/importante-vulnerabilita-su-teamviewer/)
- 2020.01 [freebuf] ["Legitimate" Monitoring Software Abused by the Cybercrime Underground: Could Lax Distribution Controls Make It Another TeamViewer?](https://www.freebuf.com/articles/system/225335.html)
- 2019.11 [sessionstack] [TeamViewer, and Alternative Remote Access and Web Conferencing Solutions, Through the Lens of Customer Service](https://blog.sessionstack.com/teamviewer-and-alternative-remote-access-and-web-conferencing-solutions-through-the-lens-of-c219d0db7f85)
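- 2019.10 [threatbook] [Is the "TeamViewer Hacked" Affair Real or Exaggerated? Don't Panic! How to Respond, Explained in One Article](https://x.threatbook.cn/nodev4/vb4/article?threatInfoID=1994)
- 2019.10 [freebuf] [Assessment and Conclusions on the Alleged TeamViewer "Compromise" Incident](https://www.freebuf.com/articles/system/216444.html)
- 2019.04 [4hou] [Attack Campaign Using Trojanized TeamViewer Against Government Agencies in Multiple Countries](https://www.4hou.com/web/17610.html)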
- 2019.04 [0x00sec] [Port 5900 open on a MAC that used Teamviewer, trying to access it](https://0x00sec.org/t/port-5900-open-on-a-mac-that-used-teamviewer-trying-to-access-it/13173/)
- 2018.09 [blackmoreops] [Install TeamViewer on Kali Linux 2018](https://www.blackmoreops.com/2018/09/25/install-teamviewer-on-kali-linux-2018/)
- 2018.08 [freebuf] [The Cracked TeamViewer 13 You Downloaded May Be Infected](http://www.freebuf.com/vuls/175689.html)
- 2018.08 [4hou] [Attacks on Industrial Companies Using RMS and TeamViewer](http://www.4hou.com/web/12940.html)
- 2018.08 [kaspersky] [Attacks on industrial enterprises using RMS and TeamViewer](https://ics-cert.kaspersky.com/reports/2018/08/01/attacks-on-industrial-enterprises-using-rms-and-teamviewer/)
- 2018.08 [securelist] [Attacks on industrial enterprises using RMS and TeamViewer](https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/)
- 2017.12 [4hou] [Testing the Permissions Vulnerability in TeamViewer 13.0.5058](http://www.4hou.com/vulnerable/9243.html)
- 2017.12 [3gstudent] [Testing the Permissions Vulnerability in TeamViewer 13.0.5058](https://3gstudent.github.io/3gstudent.github.io/TeamViewer-13.0.5058%E4%B8%AD%E7%9A%84%E6%9D%83%E9%99%90%E6%BC%8F%E6%B4%9E%E6%B5%8B%E8%AF%95/)
- 2017.12 [malwarebytes] [Use TeamViewer? Fix this dangerous permissions bug with an update](https://blog.malwarebytes.com/cybercrime/2017/12/use-teamviewer-fix-this-dangerous-permissions-bug-with-an-update/)
- 2017.11 [360] [Analysis of a TeamViewer-Based Remote Access Trojan Targeting Small Companies](https://www.anquanke.com/post/id/87336/)
- 2017.08 [freebuf] [Extracting Passwords from TeamViewer Memory Using Frida](http://www.freebuf.com/sectool/142928.html)
- 2017.04 [4hou] [A Closer Look at How Malware Abuses TeamViewer](http://www.4hou.com/technology/4417.html)
- 2017.02 [4hou] [TeamSpy Is Back, and TeamViewer Has Become Its Attack Vector](http://www.4hou.com/info/3461.html)
- 2016.12 [trendmicro] [New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer](https://blog.trendmicro.com/trendlabs-security-intelligence/new-smssecurity-variant-roots-phones-abuses-accessibility-features-teamviewer/)
- 2016.10 [broadanalysis] [Rig Exploit Kit via EITEST delivers malicious payload and TeamViewer Remote Control](http://www.broadanalysis.com/2016/10/22/rig-exploit-kit-via-eitest-delivers-malicious-payload-and-teamviewer-remote-control/)
- 2016.06 [trendmicro] [Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging](https://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/)
- 2016.06 [] [The Most Widely Used Remote Control Tool, TeamViewer, Has Been Hacked](http://www.91ri.org/15890.html)
- 2016.06 [radware] [Has TeamViewer Been Hacked?](https://blog.radware.com/security/2016/06/has-teamviewer-been-hacked/)
- 2016.06 [fortinet] [Threat Landscape Perspectives: TeamViewer Attack – Spy vs. Spy Misdirection?](https://www.fortinet.com/blog/industry-trends/threat-landscape-perspectives-teamviewer-misdirection-like-spy-vs-spy.html)
- 2016.03 [privacy] [Surprise, Hackers Use TeamViewer to Spread Ransomware](http://privacy-pc.com/news/hackers-use-teamviewer.html)
- 2015.08 [volatility] [Recovering TeamViewer (and other) Credentials from RAM with EditBox](https://volatility-labs.blogspot.com/2015/08/recovering-teamviewer-and-other.html)
- 2015.06 [] [Obtaining the Account and Password of a Running TeamViewer Instance](http://www.91ri.org/13367.html)
- 2014.05 [trendmicro] [Remote Help for Family and Friends – Part 1: Installing and Using TeamViewer](http://blog.trendmicro.com/remote-help-family-friends-part-1/)
- 2014.02 [webroot] [Managed TeamViewer based anti-forensics capable virtual machines offered as a service](https://www.webroot.com/blog/2014/02/10/managed-teamviewer-based-anti-forensics-capable-virtual-machines-offered-service/)
- 2014.01 [robert] [Howto install Teamviewer 9.x on Ubuntu >= 12.04 64bit (in my case 13.10)](https://robert.penz.name/709/howto-install-teamviewer-9-x-on-ubuntu-12-04-64bit-in-my-case-13-10/)
- 2013.05 [security] [Installing Teamviewer 8 on Kali 64bit (Debian)](http://security-is-just-an-illusion.blogspot.com/2013/05/installing-teamviewer-8-on-kali-64bit.html)
- 2013.03 [securelist] [The TeamSpy Crew Attacks – Abusing TeamViewer for Cyberespionage](https://securelist.com/the-teamspy-crew-attacks-abusing-teamviewer-for-cyberespionage-8/35520/)

# Malware (Partial)

***

## Gh0st

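### Tools

- [**301** stars][7d] [C++] [yuanyuanxiang/simpleremoter](https://github.com/yuanyuanxiang/simpleremoter) A gh0st-based remote controller implementing terminal management, process management, window management, remote desktop, file management, audio management, video management, service management, registry management, and other functions
- [**273** stars][7y] [C++] [sin5678/gh0st](https://github.com/sin5678/gh0st) an open source remote administrator tool
- [**91** stars][6y] [C++] [igh0st/gh0st3.6_src](https://github.com/igh0st/gh0st3.6_src)
- [**90** stars][1m] [C++] [zibility/remote](https://github.com/zibility/remote) PC remote assistance software implemented with reference to the Gh0st source code, featuring remote shell, file management, desktop management, message sending, and other functions.
- [**21** stars][5m] [C++] [holmesian/gh0st-light](https://github.com/holmesian/gh0st-light) A slimmed-down version of an old tool

### Articles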

- 2020.01 [z3roTrust] [Becoming Untraceable - 12.0_Gh0st_Us3r.dll](https://medium.com/p/4c43ed5c4872)
- 2020.01 [rsa] [Detecting Gh0st RAT in the RSA NetWitness Platform](https://community.rsa.com/community/products/netwitness/blog/2020/01/09/detecting-gh0st-rat-in-netwitness)
- 2019.06 [binarydefense] [Gh0stCringe (Formerly CirenegRAT) - Binary Defense](https://www.binarydefense.com/gh0stcringeformerly-cirenegrat/)
- 2019.03 [alienvault] [The odd case of a Gh0stRAT variant](https://www.alienvault.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant)
- 2018.11 [trendmicro] [Using Machine Learning to Cluster Malicious Network Flows from Gh0st RAT Variants](https://blog.trendmicro.com/trendlabs-security-intelligence/using-machine-learning-to-cluster-malicious-network-flows-from-gh0st-rat-variants/)
- 2018.08 [traffic] [[2018-08-12] KaiXinEK->Gh0stRAT](https://traffic.moe/2018/08/12/index.html)
- 2018.07 [traffic] [[2018-07-16] KaiXinEK->Gh0stRAT](https://traffic.moe/2018/07/16/index.html)
- 2018.07 [inquest] [Field Notes: Malicious HFS Instances Serving Gh0stRAT](https://inquest.net/blog/2018/07/09/field-notes-malicious-hfs-servers)
- 2018.07 [360] [Initial Analysis of a Gh0st RAT Remote Access Trojan Sample](https://www.anquanke.com/post/id/150098/)
- 2018.05 [id] [CryptGh0st](http://id-ransomware.blogspot.com/2018/05/cryptgh0st-ransomware.html)
- 2018.05 [freebuf] [Decoding Network Data in Gh0st RAT Variants](http://www.freebuf.com/articles/network/170636.html)
- 2018.04 [freebuf] [Analysis of the Gh0st Big Grey Wolf RAT Family Communication Protocol](http://www.freebuf.com/articles/paper/167917.html)
- 2018.04 [360] [Analysis of the Gh0st/Big Grey Wolf RAT Family Communication Protocol](https://www.anquanke.com/post/id/103831/)
- 2017.12 [traffic] [[2017-12-06] KaiXinEK->Gh0stRAT](https://traffic.moe/2017/12/06/index.html)
- 2016.06 [cysinfo] [Hunting and Decrypting Communications of Gh0st RAT in Memory](https://cysinfo.com/hunting-and-decrypting-communications-of-gh0st-rat-in-memory/)
- 2014.05 [pediy] [[Original] Analysis of the Gh0st3.6 Bug That Prevents Connections on Windows 7](https://bbs.pediy.com/thread-187505.htm)
- 2014.04 [pediy] [[Discussion] Gh0st3.6 IOCP Send Bug](https://bbs.pediy.com/thread-186833.htm)
- 2014.03 [trendmicro] [Kunming Attack Leads to Gh0st RAT Variant](https://blog.trendmicro.com/trendlabs-security-intelligence/kunming-attack-leads-to-gh0st-rat-variant/)
- 2013.08 [pediy] [Secondary gh0st](https://bbs.pediy.com/thread-177231.htm)
- 2013.06 [trendmicro] [Targeted Attack in Taiwan Uses Infamous Gh0st RAT](https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-in-taiwan-uses-infamous-gh0st-rat/)
- 2012.11 [trendmicro] [DaRK DDoSseR Leads to Gh0st RAT](https://blog.trendmicro.com/trendlabs-security-intelligence/dark-ddosser-leads-to-gh0st-rat/)
- 2012.06 [alienvault] [New MaControl variant targeting Uyghur users, the Windows version using Gh0st RAT](https://www.alienvault.com/blogs/labs-research/new-macontrol-variant-targeting-uyghur-users-the-windows-version-using-gh0s)
- 2012.05 [forcepoint] [The Amnesty International UK website was compromised to serve Gh0st RAT [Update]](https://www.forcepoint.com/blog/security-labs/amnesty-international-uk-website-was-compromised-serve-gh0st-rat-update)

***

## NanoCore

### Tools

- [**2** stars][10m] [Py] [jacobpimental/nanocore_extractor](https://github.com/jacobpimental/nanocore_extractor) Extracts nanocore sample from compile AutoIT script

### Articles

- 2020.01 [molly] [NanoCore: The RAT that keeps on keeping on. How to detect and prove an infection.](https://www.peerlyst.com/posts/nanocore-the-rat-that-keeps-on-keeping-on-how-to-detect-and-prove-an-infection-molly-payne)
- 2019.11 [4hou] [Double-Loaded ZIP File Spreads Nanocore RAT](https://www.4hou.com/info/news/21483.html)
- 2019.10 [morphisec] [NanoCore RAT Under the Microscope](https://blog.morphisec.com/nanocore-under-the-microscope)
- 2019.06 [myonlinesecurity] [More AgentTesla keylogger and Nanocore RAT in one bundle](https://myonlinesecurity.co.uk/more-agenttesla-keylogger-and-nanocore-rat-in-one-bundle/)
- 2019.06 [myonlinesecurity] [Nanocore RAT via fake DHL failed delivery in Chinese](https://myonlinesecurity.co.uk/nanocore-rat-via-fake-dhl-failed-delivery-in-chinese/)
- 2019.06 [4hou] [Dissecting the NanoCore Crimeware Attack Chain](https://www.4hou.com/web/18610.html)
- 2019.06 [yoroi] [Dissecting NanoCore Crimeware Attack Chain](https://blog.yoroi.company/research/dissecting-nanocore-crimeware-attack-chain/)
- 2019.05 [myonlinesecurity] [nanocore RAT via fake order in password protected word doc with wrong password](https://myonlinesecurity.co.uk/nanocore-rat-via-fake-order-in-password-protected-word-doc-with-wrong-password/)
- 2019.05 [myonlinesecurity] [Fake Fedex Express Shipment For Pickup in iso delivers nanocore using Sendgrid](https://myonlinesecurity.co.uk/fake-fedex-express-shipment-for-pickup-in-iso-delivers-nanocore-using-sendgrid/)
- 2019.05 [goggleheadedhacker] [Unpacking NanoCore Sample Using AutoIT](https://www.goggleheadedhacker.com/blog/post/11)
- 2019.03 [carbonblack] [TAU Threat Intelligence Notification: NanoCore – Old Malware, New Tricks!](https://www.carbonblack.com/2019/03/20/tau-threat-intelligence-notification-nanocore-old-malware-new-tricks/)
- 2019.01 [myonlinesecurity] [Fake Autec Power purchase Order delivers Nanocore RAT](https://myonlinesecurity.co.uk/fake-autec-power-purchase-order-delivers-nanocore-rat/)
- 2019.01 [myonlinesecurity] [Nanocore via fake order using dde in csv files](https://myonlinesecurity.co.uk/nanocore-via-fake-order-using-dde-in-csv-files/)
- 2019.01 [myonlinesecurity] [Nanocore RAT via fake order emails](https://myonlinesecurity.co.uk/nanocore-rat-via-fake-order-emails/)
- 2019.01 [malware] [2019-01-04 - MALSPAM PUSHES NANOCORE RAT](http://malware-traffic-analysis.net/2019/01/04/index.html)
- 2018.11 [myonlinesecurity] [Fake Payment Receipt delivers Nanocore RAT malware](https://myonlinesecurity.co.uk/fake-payment-receipt-delivers-nanocore-rat-malware/)
- 2018.06 [UltraHacks] [NanoCore [Free Download] [No Virus] [DL] | Ultra Hacks](https://www.youtube.com/watch?v=lghASMr6VtA)
- 2018.04 [myonlinesecurity] [Fake PAYMENT CONFIRMATION emails deliver Nanocore RAT](https://myonlinesecurity.co.uk/fake-payment-confirmation-emails-deliver-nanocore-rat/)
- 2018.04 [myonlinesecurity] [Nanocore Rat delivered via fake order emails](https://myonlinesecurity.co.uk/nanocore-rat-delivered-via-fake-order-emails/)
- 2018.04 [myonlinesecurity] [Nanocore via fake Purchase order malspam using Microsoft Office Equation Editor exploits](https://myonlinesecurity.co.uk/nanocore-via-fake-purchase-order-malspam-using-microsoft-office-equation-editor-exploits/)
- 2018.04 [myonlinesecurity] [Nanocore RAT delivered by fake order malspam](https://myonlinesecurity.co.uk/nanocore-rat-delivered-by-fake-order-malspam/)
- 2018.02 [krebsonsecurity] [Bot Roundup: Avalanche, Kronos, NanoCore](https://krebsonsecurity.com/2018/02/bot-roundup-avalanche-kronos-nanocore/)
- 2017.11 [myonlinesecurity] [Fake Product Enquiry malspam delivers Nanocore RAT](https://myonlinesecurity.co.uk/fake-product-enquiry-malspam-delivers-nanocore-rat/)
- 2017.10 [fortinet] [PDF Phishing Leads to Nanocore RAT, Targets French Nationals](https://blog.fortinet.com/2017/10/12/pdf-phishing-leads-to-nanocore-rat-targets-french-nationals)
- 2017.10 [fortinet] [A malicious PDF with embedded JavaScript that, when opened, downloads an HTA file via a Google Drive share link; the HTA file then downloads and executes the NanoCore RAT](https://www.fortinet.com/blog/threat-research/pdf-phishing-leads-to-nanocore-rat-targets-french-nationals.html)
- 2017.08 [myonlinesecurity] [Angelika Rodriguez – zales@municipiodepaute.gob.ec – Purchase Order malspam delivers nanocore RAT](https://myonlinesecurity.co.uk/angelika-rodriguez-zalesmunicipiodepaute-gob-ec-purchase-order-malspam-delivers-nanocore-rat/)
- 2017.05 [netskope] [NanocoreRAT delivery via cloud storage apps shifts from .uue to .r11](https://www.netskope.com/blog/nanocorerat-delivery-via-cloud-storage-apps-shifts-uue-r11/)
- 2017.03 [itsjack] [Nanocore Cracked Alcatraz – Leaving The Door Open](https://itsjack.cc/blog/2017/03/nanocore-cracked-alcatraz-leaving-the-door-open/)
- 2016.10 [sans] [Malspam delivers NanoCore RAT](https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/)
- 2016.02 [paloaltonetworks] [NanoCoreRAT Behind an Increase in Tax-Themed Phishin](https://unit42.paloaltonetworks.com/nanocorerat-behind-an-increase-in-tax-themed-phishing-e-mails/)
- 2015.11 [f] [Halloween RAT: NanoCore Served Via PageFair Service](https://labsblog.f-secure.com/2015/11/02/halloween-rat-nanocore-served-via-pagefair-service/)
- 2015.04 [ensilo] [NanoCore RAT: It’s Not 100% Original](https://blog.ensilo.com/nanocore-rat-not-100-original)

***

## NjRat

### Tools

- [**143** stars][2y] [Visual Basic .NET] [alibawazeeer/rat-njrat-0.7d-modded-source-code](https://github.com/alibawazeeer/rat-njrat-0.7d-modded-source-code) NJR
- [**128** stars][8d] [Visual Basic] [mwsrc/njrat](https://github.com/mwsrc/njrat) njRAT SRC Extract
- [**14** stars][5m] [C#] [nyan-x-cat/njrat-0.7d-stub-csharp](https://github.com/nyan-x-cat/njrat-0.7d-stub-csharp) njRAT C# Stub - Fixed For PowerShell
- [**3** stars][2y] [Py] [seep1959/njutils](https://github.com/seep1959/njutils) A client and chat program for njrat 0.6.4, 0.7d, and 0.7d golden edition.

### Articles

- 2019.12 [carbonblack] [Threat Analysis Unit (TAU) Threat Intelligence Notification: njRAT](https://www.carbonblack.com/2019/12/10/threat-analysis-unit-tau-threat-intelligence-notification-njrat/)
- 2019.09 [freebuf] [The Gorgon APT Group Is at It Again: The Winding Road from DropBox to NJRat](https://www.freebuf.com/articles/system/213082.html)
- 2019.05 [morphisec] [A look at Hworm / Houdini AKA njRAT](https://blog.morphisec.com/hworm-houdini-aka-njrat)
- 2019.05 [myonlinesecurity] [Fake Payment receipt vbs drops njrat bladabindi downloads Agent Tesla via Sendspace.](https://myonlinesecurity.co.uk/fake-payment-receipt-vbs-drops-njrat-bladabindi-downloads-agent-tesla-via-sendspace/)
- 2018.11 [trendmicro] [AutoIt-Compiled Worm Spreading via Removable Media Delivers a Fileless Version of the njRAT Backdoor](https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/)
- 2018.06 [360] [New Blossoms on an Old Tree: Analysis Report on the njRAT Malware Family](https://www.anquanke.com/post/id/149654/)
- 2018.06 [freebuf] [Technical Discussion | Experiment: NjRAT Bypassing 360 Antivirus Detection by Obfuscating Code with base64 Encoding](http://www.freebuf.com/articles/rookie/174776.html)
- 2018.04 [UltraHacks] [njRAT v0.7 | Tutorial | www.ultrahacks.org | Ultra Hacks](https://www.youtube.com/watch?v=qvURwIAzGo4)
- 2018.03 [broadanalysis] [Guest Blog Post: njRat Analysis with Volatility](http://www.broadanalysis.com/2018/03/25/guest-blog-post-njrat-analysis-with-volatility/)
- 2018.01 [rsa] [Malspam delivers njRAT 1-11-2018](https://community.rsa.com/community/products/netwitness/blog/2018/01/12/malspam-delivers-njrat-1-11-2018)
- 2017.12 [malwarenailed] [Revisiting HWorm and NjRAT](http://malwarenailed.blogspot.com/2017/05/revisiting-hworm-and-njrat.html)
- 2016.12 [freebuf] [The Most Complete Analysis Ever of the njRAT Communication Protocol](http://www.freebuf.com/articles/network/122244.html)
- 2016.08 [MalwareAnalysisForHedgehogs] [Malware Analysis - Unpacking njRAT Protected by Confuser v.1.9 and others](https://www.youtube.com/watch?v=92GDWqCK1rQ)
- 2016.01 [sensecy] [Is There A New njRAT Out There?](https://blog.sensecy.com/2016/01/05/is-there-a-new-njrat-out-there/)
- 2015.12 [sec] [Trojan Intelligence Analysis: njRAT & H-worm](https://www.sec-un.org/trojan-information-analysis-njrath-worm/)
- 2015.11 [alienvault] [KilerRat: Taking over where Njrat remote access trojan left off](https://www.alienvault.com/blogs/labs-research/kilerrat-taking-over-where-njrat-remote-access-trojan-left-off)
- 2015.08 [virusbulletin] [Paper: Life after the apocalypse for the Middle Eastern NJRat campaign](https://www.virusbulletin.com/blog/2015/08/paper-life-after-apocalypse-middle-eastern-njrat-campaign/)
- 2014.08 [mcafee] [Trailing the Trojan njRAT](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/trail-njrat/)
- 2014.08 [mcafee] [Trailing the Trojan njRAT](https://securingtomorrow.mcafee.com/mcafee-labs/trail-njrat/)
- 2014.01 [rsa] [Detecting njRAT in Your Environment](https://community.rsa.com/community/products/netwitness/blog/2014/01/02/detecting-njrat-in-your-environment)

***

## Revenge RAT

### Tools

- [**21** stars][2m] [C#] [nyan-x-cat/revengerat-stub-cssharp](https://github.com/nyan-x-cat/revengerat-stub-cssharp) Revenge-RAT C# Stub - Fixed

### Articles

- 2020.01 [malware] [2020-01-15 - QUICK POST: MALSPAM PUSHING REVENGE RAT](http://malware-traffic-analysis.net/2020/01/15/index.html)
- 2019.11 [fortinet] [Double Trouble: RevengeRAT and WSHRAT](https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html)
- 2019.09 [360] [Revenge-RAT is used in phishing emails attacks against Italy](https://blog.360totalsecurity.com/en/revenge-rat-is-used-in-phishing-emails-attacks-against-italy/)
- 2019.04 [4hou] [The Aggah Campaign: Spreading RevengeRAT via Phishing Emails](https://www.4hou.com/web/17521.html)
- 2019.03 [alienvault] [Mapping TrickBot and RevengeRAT with MITRE ATT&CK and AlienVault USM Anywhere](https://www.alienvault.com/blogs/labs-research/mapping-trickbot-and-revengerat-with-mitre-attck-and-alienvault-usm-anywhere)
- 2019.02 [4hou] [An Upgraded Version of the Revenge RAT Malware Strikes](http://www.4hou.com/web/16164.html)
- 2018.04 [dissectmalware] [Stealthy VBScript dropper dropping Revenge RAT](https://dissectmalware.wordpress.com/2018/04/08/stealthy-powershell-dropper-dropping-revenge-rat/)
- 2017.10 [rsa] [Malspam Delivers Revenge RAT October-2017](https://community.rsa.com/community/products/netwitness/blog/2017/10/26/malspam-delivers-revenge-rat-october-2017)
- 2016.08 [deniable] [Lurking Around Revenge-RAT](http://blog.deniable.org/blog/2016/08/26/lurking-around-revenge-rat/)

***

## PlugX

### Tools

- [**28** stars][7y] [Py] [kcreyts/plugxdecoder](https://github.com/kcreyts/plugxdecoder) Decodes PlugX traffic and encrypted/compressed artifacts

### Articles

- 2020.01 [hexacorn] [The Wizard of X – Oppa PlugX style, Part 2](http://www.hexacorn.com/blog/2020/01/24/the-wizard-of-x-oppa-plugx-style-part-2/)
- 2019.11 [BorjaMerino] [Rebind Socket Windows: PoC PlugX Controller](https://www.youtube.com/watch?v=MtscvthsaeY)
- 2018.06 [countuponsecurity] [Digital Forensics – PlugX and Artifacts left behind](https://countuponsecurity.com/2018/06/20/digital-forensics-plugx-and-artifacts-left-behind/)
- 2018.05 [countuponsecurity] [Malware Analysis – PlugX – Part 2](https://countuponsecurity.com/2018/05/09/malware-analysis-plugx-part-2/)
- 2018.02 [4hou] [Revealing the Attack Capabilities of the PlugX Malware Family](http://www.4hou.com/technology/10394.html)
- 2018.02 [360] [PlugX Malware Analysis Report](https://www.anquanke.com/post/id/98166/)
- 2018.02 [countuponsecurity] [Malware Analysis – PlugX](https://countuponsecurity.com/2018/02/04/malware-analysis-plugx/)
- 2017.09 [fortinet] [Deep Analysis of New Poison Ivy/PlugX Variant - Part II](https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii)
- 2017.09 [fortinet] [Deep Analysis of a New Poison Ivy/PlugX Variant](https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii.html)
- 2017.09 [360] [Stack overflow in PlugX RAT](https://www.anquanke.com/post/id/86769/)
- 2017.07 [hexacorn] [The Wizard of X – Oppa PlugX style](http://www.hexacorn.com/blog/2017/07/31/the-wizard-of-x-oppa-plugx-style/)
- 2017.02 [jpcert] [PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code -](https://blogs.jpcert.or.jp/en/2017/02/plugx-poison-iv-919a.html)
- 2016.06 [airbuscybersecurity] [Getting a PlugX builder](http://blog.airbuscybersecurity.com/post/2016/06/Getting-a-PlugX-builder)
- 2016.06 [cylance] [CylancePROTECT® vs. PlugX – JTB Breach Affects 7.93 Million People in Japan](https://www.cylance.com/en_us/blog/cylanceprotect-vs-plugx.html)
- 2016.03 [securelist] [PlugX malware: A good hacker is an apologetic hacker](https://securelist.com/plugx-malware-a-good-hacker-is-an-apologetic-hacker/74150/)
- 2015.11 [volatility] [PlugX: Memory Forensics Lifecycle with Volatility](https://volatility-labs.blogspot.com/2015/11/plugx-memory-forensics-lifecycle-with.html)
- 2015.09 [cyintanalysis] [Using threat_note To Track Campaigns: Returning to PIVY and PlugX Infrastructure](http://www.cyintanalysis.com/using-threat_note-to-track-campaigns-returning-to-pivy-and-plugx-infrastructure/)
- 2015.09 [airbuscybersecurity] [Volatility plugin for PlugX updated](http://blog.airbuscybersecurity.com/post/2015/08/Volatility-plugin-for-PlugX-updated)
- 2015.08 [rebsnippets] [PlugX Chronicles](http://rebsnippets.blogspot.com/2015/08/plugx-chronicles.html)
- 2015.08 [cyintanalysis] [Threat Analysis: Poison Ivy and Links to an Extended PlugX Campaign](http://www.cyintanalysis.com/threat-analysis-poison-ivy-and-links-to-an-extended-plugx-campaign/)
- 2015.08 [airbuscybersecurity] [Latest changes in PlugX](http://blog.airbuscybersecurity.com/post/2015/06/Latest-improvements-in-PlugX)
- 2015.05 [paloaltonetworks] [PlugX Uses Legitimate Samsung Application for DLL Sid](https://unit42.paloaltonetworks.com/plugx-uses-legitimate-samsung-application-for-dll-side-loading/)
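- 2015.04 [freebuf] [Malicious Code Analysis: Official Taiwanese Releases of League of Legends (LoL) and Path of Exile (PoE) Implanted with the PlugX Remote Access Tool](http://www.freebuf.com/vuls/63151.html)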
- 2015.01 [jpcert] [Analysis of a Recent PlugX Variant - “P2P PlugX”](https://blogs.jpcert.or.jp/en/2015/01/analysis-of-a-r-ff05.html)
- 2015.01 [] [A Closer Look at PlugX from League of Legends / Path of Exile](http://909research.com/a-closer-look-at-plugx-from-league-of-legends-path-of-exile/)
- 2015.01 [trendmicro] [PlugX Malware Found in Official Releases of League of Legends, Path of Exile](https://blog.trendmicro.com/trendlabs-security-intelligence/plugx-malware-found-in-official-releases-of-league-of-legends-path-of-exile/)
- 2014.06 [trendmicro] [PlugX RAT With “Time Bomb” Abuses Dropbox for Command-and-Control Settings](https://blog.trendmicro.com/trendlabs-security-intelligence/plugx-rat-with-time-bomb-abuses-dropbox-for-command-and-control-settings/)
- 2014.06 [lastline] [An Analysis of PlugX Using Process Dumps from High-Resolution Malware Analysis](https://www.lastline.com/labsblog/an-analysis-of-plugx-using-process-dumps-from-high-resolution-malware-analysis/)
- 2014.01 [airbuscybersecurity] [PlugX "v2": meet "SController"](http://blog.airbuscybersecurity.com/post/2014/01/PlugX-v2%3A-meet-SController)
- 2014.01 [airbuscybersecurity] [PlugX: some uncovered points](http://blog.airbuscybersecurity.com/post/2014/01/plugx-some-uncovered-points.html)
- 2013.12 [lastline] [An Analysis of PlugX Malware](https://www.lastline.com/labsblog/an-analysis-of-plugx-malware/)
- 2013.05 [freebuf] [FireEye: An Old Trojan Put to New Use, Analysis of PlugX APT Attacks Targeting Chinese Political Activities](http://www.freebuf.com/news/9555.html)
- 2013.04 [trendmicro] [New Wave of PlugX Targets Legitimate Apps](https://blog.trendmicro.com/trendlabs-security-intelligence/new-wave-of-plugx-targets-legitimate-apps/)
- 2013.04 [securelist] [Winnti returns with PlugX](https://securelist.com/winnti-returns-with-plugx/66960/)
- 2012.09 [freebuf] [Full Analysis of How a Foreign Expert Tracked Down the Developer of the Targeted-Attack RAT PlugX](http://www.freebuf.com/articles/others-articles/5718.html)
- 2012.09 [alienvault] [The connection between the Plugx Chinese gang and the latest Internet Explorer Zeroday](https://www.alienvault.com/blogs/labs-research/the-connection-between-the-plugx-chinese-gang-and-the-latest-internet-explo)
- 2012.09 [trendmicro] [Unplugging PlugX Capabilities](https://blog.trendmicro.com/trendlabs-security-intelligence/unplugging-plugx-capabilities/)
- 2012.09 [alienvault] [Tracking down the author of the PlugX RAT](https://www.alienvault.com/blogs/labs-research/tracking-down-the-author-of-the-plugx-rat)
- 2012.09 [freebuf] [New Remote Control Tool Plugx Is Being Used in Phishing Attacks Against the Japanese Government](http://www.freebuf.com/news/5607.html)
- 2012.09 [trendmicro] [PlugX: New Tool For a Not So New Campaign](https://blog.trendmicro.com/trendlabs-security-intelligence/plugx-new-tool-for-a-not-so-new-campaign/)

***

## RemcosRAT

- 2019.10 [fortinet] [New Variant of Remcos RAT Observed In the Wild](https://www.fortinet.com/blog/threat-research/new-variant-of-remcos-rat-observed-in-the-wild.html)
- 2019.09 [myonlinesecurity] [Some changes to Remcos Rat persistence method](https://myonlinesecurity.co.uk/some-changes-to-remcos-rat-persistence-method/)
- 2019.09 [myonlinesecurity] [Fake invoice tries to deliver Remcos RAT](https://myonlinesecurity.co.uk/fake-invoice-tries-to-deliver-remcos-rat/)
- 2019.09 [freebuf] [Analysis of a Remcos RAT Variant in Phishing Emails](https://www.freebuf.com/articles/network/212400.html)
- 2019.08 [trendmicro] [Analysis: New Remcos RAT Arrives Via Phishing Email](https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-new-remcos-rat-arrives-via-phishing-email/)
- 2019.06 [myonlinesecurity] [Remcos Rat via fake invoice using multiple delivery methods.](https://myonlinesecurity.co.uk/remcos-rat-via-fake-invoice-using-multiple-delivery-methods/)
- 2019.06 [HackerSploit] [Remcos RAT Review - The Most Advanced Remote Access Tool](https://www.youtube.com/watch?v=rffkJDcri18)
- 2018.11 [myonlinesecurity] [More Fake DHL invoices delivering Remcos RAT via office XML files](https://myonlinesecurity.co.uk/more-fake-dhl-invoices-delivering-remcos-rat-via-office-xml-files/)
- 2018.10 [myonlinesecurity] [Fake DHL READ : (DHL Express) -Delivery Address Confirmation delivers Remcos Rat](https://myonlinesecurity.co.uk/fake-dhl-read-dhl-express-delivery-address-confirmation-delivers-remcos-rat/)
- 2018.09 [myonlinesecurity] [Fake Purchase Order email delivers Remcos RAT](https://myonlinesecurity.co.uk/fake-purchase-order-email-delivers-remcos-rat/)
- 2018.09 [360] [Uncovering the Botnet Behind Remcos](https://www.anquanke.com/post/id/158934/)
- 2018.08 [securityledger] [Cisco Links Remote Access Tool Remcos to Cybercriminal Underground](https://securityledger.com/2018/08/cisco-links-remote-access-tool-remcos-to-cybercriminal-underground/)
- 2018.08 [talosintelligence] [Picking Apart Remcos Botnet-In-A-Box](https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html)
- 2018.08 [UltraHacks] [Remcos RAT Tutorial | Remote Administration Tool | Ultra Hacks](https://www.youtube.com/watch?v=hlf5k86LwMI)
- 2018.07 [myonlinesecurity] [Fake DHL “Alert! Shipment Notification” delivers Remcos RAT](https://myonlinesecurity.co.uk/fake-dhl-alert-shipment-notification-delivers-remcos-rat/)
- 2018.05 [fortinet] [Remcos RAT Variant Spreads by Exploiting CVE-2017-11882](https://www.fortinet.com/blog/threat-research/new-remcos-rat-variant-is-spreading-by-exploiting-cve-2017-11882.html)
- 2018.04 [myonlinesecurity] [Remcos RAT delivered by fake ” your workers are fighting” message](https://myonlinesecurity.co.uk/remcos-rat-delivered-by-fake-your-workers-are-fighting-message/)
- 2018.04 [myonlinesecurity] [Remcos RAT delivered via fake CCICM international debt recovery service](https://myonlinesecurity.co.uk/remcos-rat-delivered-via-fake-ccicm-international-debt-recovery-service/)
- 2018.04 [myonlinesecurity] [Fake Payment recovery email spoofing CCICM international debt recovery service delivers Remcos rat via Microsoft Equation Editor Exploits](https://myonlinesecurity.co.uk/fake-payment-recovery-email-spoofing-ccicm-international-debt-recovery-service-delivers-remcos-rat-via-microsoft-equation-editor-exploits/)
- 2018.03 [tencent] [New RAT Trojan Remcos Exploits the CVE-2017-11882 Vulnerability in Live Attacks](https://s.tencent.com/research/report/442.html)
- 2018.03 [myonlinesecurity] [Fake order spoofed from Finchers ltd Sankyo-Rubber delivers Remcos RAT via ACE attachments](https://myonlinesecurity.co.uk/fake-order-spoofed-from-finchers-ltd-sankyo-rubber-delivers-remcos-rat-via-ace-attachments/)
- 2017.09 [malwarebreakdown] [Malvertising Leads to RIG EK and Drops Remcos RAT.](https://malwarebreakdown.com/2017/09/27/malvertising-leads-to-rig-ek/)
- 2017.09 [trendmicro] [Cloud Platform Autodesk® A360 Abused to Spread Malware Including Adwind, Remcos, and Netwire RAT](https://blog.trendmicro.com/trendlabs-security-intelligence/a360-drive-adwind-remcos-netwire-rats/)
- 2017.08 [cybereason] [Cybereason creates 'vaccine' to stop Remcos RAT](https://www.cybereason.com/blog/blog-cybereason-creates-vaccine-to-stop-remcos-rat)
- 2017.02 [fortinet] [REMCOS: A New RAT In The Wild](https://www.fortinet.com/blog/threat-research/remcos-a-new-rat-in-the-wild-2.html)

***

## L0rdixRAT

- 2019.08 [bromium] [Decrypting L0rdix RAT’s C2](https://www.bromium.com/decrypting-l0rdix-rats-c2/)
- 2019.07 [bromium] [An Analysis of L0rdix RAT, Panel and Builder](https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/)
- 2018.11 [ensilo] [L0RDIX: Multipurpose Attack Tool](https://blog.ensilo.com/l0rdix-attack-tool)

***

## LodaRAT

- 2020.02 [talosintelligence] [Loda RAT Grows Up](https://blog.talosintelligence.com/2020/02/loda-rat-grows-up.html)

***

## GulfRAT

- 2020.01 [TheCyberWire] [Phishing with a RAT in the Gulf. More on how Jeff Bezos was hacked. Microsoft discloses data...](https://www.youtube.com/watch?v=wFAcCuqdqSY)
- 2020.01 [TheCyberWire] [Escalation in the Gulf as a US air strike kills Iran’s Quds commander. Travelex and RavnAir...](https://www.youtube.com/watch?v=R6j1evxLj1g)
- 2019.08 [nettitude] [Tanker Cyber Attacks taking place in the Gulf](https://blog.nettitude.com/tanker-cyber-attacks)
- 2017.09 [mikefrobbins] [PowerShell Toolmaking session this Saturday, September 30th at Gulf Coast Code Camp 2017 in Mobile, Alabama](http://mikefrobbins.com/2017/09/28/powershell-toolmaking-session-this-saturday-september-30th-at-gulf-coast-code-camp-2017-in-mobile-alabama/)
- 2016.11 [fireeye] [FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region](https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html)
- 2016.03 [elearnsecurity] [Visit eLearnSecurity on Gulf Information Security and Gulf Expo 2016 in Dubai](https://blog.elearnsecurity.com/visit-elearnsecurity-on-gulf-information-security-and-gulf-expo-2016-in-dubai.html)
- 2015.07 [welivesecurity] [New report explains gulf between security experts and non-experts](https://www.welivesecurity.com/2015/07/28/new-report-explains-gulf-security-experts-non-experts/)
- 2010.08 [publicintelligence] [Los Zetas and Gulf Cartel Perpetrators of Mexican Drug Trafficking Violence Organizational Chart](https://publicintelligence.net/los-zetas-and-gulf-cartel-perpetrators-of-mexican-drug-trafficking-violence-organizational-chart/)
- 2010.05 [publicintelligence] [BP Minerals Management Service Workshop Brief: Unlocking Gulf of Mexico “Technological Challenges”](https://publicintelligence.net/bp-minerals-management-service-workshop-brief-gulf-of-mexico-technological-challenges/)

***

## NetWireRAT

- 2020.01 [securityintelligence] [New NetWire RAT Campaigns Use IMG Attachments to Deliver Malware Targeting Enterprise Users](https://securityintelligence.com/posts/new-netwire-rat-campaigns-use-img-attachments-to-deliver-malware-targeting-enterprise-users/)
- 2019.11 [carbonblack] [Active C2 Discovery Using Protocol Emulation Part1 (HYDSEVEN NetWire)](https://www.carbonblack.com/2019/11/20/active-c2-discovery-using-protocol-emulation-part1-hydseven-netwire/)
- 2019.09 [fortinet] [New NetWire RAT Variant Being Spread Via Phishing](https://www.fortinet.com/blog/threat-research/new-netwire-rat-variant-spread-by-phishing.html)
- 2019.08 [malware] [2019-08-23 - DATA DUMP (URSNIF, RIG EK, NETWIRE RAT)](http://malware-traffic-analysis.net/2019/08/23/index.html)
- 2019.04 [myonlinesecurity] [Fake DHL Shipment Notification delivers Netwire Trojan](https://myonlinesecurity.co.uk/fake-dhl-shipment-notification-delivers-netwire-trojan/)
- 2018.11 [traffic] [[2018-11-21] HookAds->FalloutEK->AZORult->NetWireRAT](https://traffic.moe/2018/11/21/index.html)
- 2017.11 [myonlinesecurity] [Fake HSBC Advising Service Payment Advice malspam delivers Netwire trojan](https://myonlinesecurity.co.uk/fake-hsbc-advising-service-payment-advice-malspam-delivers-netwire-trojan/)
- 2017.10 [myonlinesecurity] [Fake HSBC Swift Copy delivers Netwire trojan](https://myonlinesecurity.co.uk/fake-hsbc-swift-copy-delivers-netwire-trojan/)
- 2017.09 [TechnoHacker] [NetWire HKCU/Run vs ActiveX Startup](https://www.youtube.com/watch?v=B2Au16gy4nE)
- 2017.08 [TechnoHacker] [Netwire Tutorial: How to Sign the Android Host](https://www.youtube.com/watch?v=zEJrkKr29mU)
- 2017.04 [TechnoHacker] [How to crypt Netwire with Cyberseal](https://www.youtube.com/watch?v=hzZtBO95B-U)
- 2017.04 [TechnoHacker] [Netwire RAT Review](https://www.youtube.com/watch?v=jRCBTmBIT8g)
- 2014.08 [paloaltonetworks] [NetWire and MITRE](https://unit42.paloaltonetworks.com/netwire-mitre-chopshop/)
- 2014.08 [paloaltonetworks] [New Release: Decrypting NetWire C](https://unit42.paloaltonetworks.com/new-release-decrypting-netwire-c2-traffic/)

***

## JhoneRAT

- 2020.01 [talosintelligence] [JhoneRAT: Cloud based python RAT targeting Middle Eastern countries](https://blog.talosintelligence.com/2020/01/jhonerat.html)

***

## Dacls

- 2019.12 [360] [Lazarus Group Uses Dacls RAT to Attack the Linux Platform](https://blog.netlab.360.com/dacls-the-dual-platform-rat/)
- 2019.12 [360] [Dacls, the Dual platform RAT](https://blog.netlab.360.com/dacls-the-dual-platform-rat-en/)

***

## BlackRemote

- 2019.12 [carbonblack] [Threat Analysis Unit (TAU) Threat Intelligence Notification: BlackRemote RAT](https://www.carbonblack.com/2019/12/13/threat-analysis-unit-tau-threat-intelligence-notification-blackremote-rat/)

***

## Orcus

- 2019.11 [krebsonsecurity] [Orcus RAT Author Charged in Malware Scheme](https://krebsonsecurity.com/2019/11/orcus-rat-author-charged-in-malware-scheme/)
- 2019.01 [morphisec] [New Campaign Delivers Orcus RAT](https://blog.morphisec.com/new-campaign-delivering-orcus-rat)
- 2018.04 [freebuf] [Analysis of an Orcus RAT Sample Spread via SYLK Files](http://www.freebuf.com/articles/system/167141.html)
- 2017.12 [fortinet] [Circle of the fraud: more information about Bitcoin Orcus RAT campaign](https://blog.fortinet.com/2017/12/22/circle-of-the-fraud-more-information-about-bitcoin-orcus-rat-campaign)
- 2017.12 [fortinet] [Circle of the fraud: more information about Bitcoin Orcus RAT campaign](https://www.fortinet.com/blog/threat-research/circle-of-the-fraud-more-information-about-bitcoin-orcus-rat-campaign.html)
- 2017.12 [fortinet] [A Peculiar Case of Orcus RAT Targeting Bitcoin Investors](https://blog.fortinet.com/2017/12/07/a-peculiar-case-of-orcus-rat-targeting-bitcoin-investors)
- 2017.12 [fortinet] [Orcus RAT Targets Bitcoin Investors, Spreading Disguised as the Bitcoin Trading Bot Gunbot](https://www.fortinet.com/blog/threat-research/a-peculiar-case-of-orcus-rat-targeting-bitcoin-investors.html)
- 2017.05 [freebuf] [Walkthrough Steps for the Orcus VM](http://www.freebuf.com/articles/network/133796.html)
- 2017.04 [hackingarticles] [Hack the Orcus VM CTF Challenge](http://www.hackingarticles.in/hack-orcus-vm-ctf-challenge/)
- 2017.04 [techanarchy] [VulnHub Orcus Solution](http://techanarchy.net/2017/04/vulnhub-orcus-solution/)
- 2017.03 [vulnhub] [hackfest2016: Orcus](https://www.vulnhub.com/entry/hackfest2016-orcus,182/)
- 2016.08 [deniable] [Cracking Orcus RAT](http://deniable.org/cracking-orcus-rat/)
- 2016.08 [deniable] [Cracking Orcus RAT](http://blog.deniable.org/blog/2016/08/09/cracking-orcus-rat/)
- 2016.08 [deniable] [Cracking Orcus RAT](http://deniable.org/reversing/cracking-orcus-rat)
- 2016.08 [paloaltonetworks] [Orcus – Birth of an unusual plugin bu](https://unit42.paloaltonetworks.com/unit42-orcus-birth-of-an-unusual-plugin-builder-rat/)
- 2016.07 [krebsonsecurity] [Canadian Man Behind Popular ‘Orcus RAT’](https://krebsonsecurity.com/2016/07/canadian-man-is-author-of-popular-orcus-rat/)

***

## NukeSped

- 2019.10 [fortinet] [A Deep-Dive Analysis of the NukeSped RATs](https://www.fortinet.com/blog/threat-research/deep-analysis-nukesped-rat.html)

***

## DarkComet

- 2018.09 [UltraHacks] [How to setup DarkCometRAT 5.3.1 + Portforward](https://www.youtube.com/watch?v=fTeUTvg1_jE)
- 2018.04 [freebuf] [CVE-2017-11882 Update: Dropping the DarkComet Backdoor via AutoIT Scripts](http://www.freebuf.com/vuls/166744.html)
- 2018.03 [tencent] [CVE-2017-11882 Update: Dropping the DarkComet Backdoor via AutoIT Scripts](https://s.tencent.com/research/report/451.html)
- 2017.10 [rsa] [Malspam Delivers DarkComet RAT October-2017](https://community.rsa.com/community/products/netwitness/blog/2017/10/12/malspam-delivers-darkcomet-rat-october-2017)
- 2017.01 [HackingMonks] [Darkcomet Rat Tutorial (Trojans are awesome)](https://www.youtube.com/watch?v=eS9BIFaFKNM)
- 2016.02 [hackingarticles] [Hack Remote PC using Darkcomet RAT with Metasploit](http://www.hackingarticles.in/hack-remote-pc-using-darkcomet-rat-with-metasploit/)
- 2015.11 [TechnoHacker] [How to setup DarkComet RAT [Voice Tutorial] [Download Link]](https://www.youtube.com/watch?v=Lqcg7gcKCfo)
- 2015.07 [SecurityBSidesLondon] [Kevin Breen - DarkComet From Defense To Offense - Identify your Attacker](https://www.youtube.com/watch?v=tRM6HrW7BAc)
- 2015.03 [heimdalsecurity] [Security Alert: Infamous DarkComet RAT Used In Spear Phishing Campaigns](https://heimdalsecurity.com/blog/darkcomet-rat-phishing-campaigns/)
- 2015.03 [sketchymoose] [Smooshing the Square Peg into the Round Hole: DarkComet Plugin for 64-bit images](https://sketchymoose.blogspot.com/2015/03/smooshing-square-peg-into-round-hole.html)
- 2012.07 [freebuf] [DarkComet RAT Author Announces End of Project Development](http://www.freebuf.com/news/4939.html)
- 2012.06 [freebuf] [[Update] A Powerful RAT – DarkComet RAT V5.3.1](http://www.freebuf.com/sectool/3957.html)
- 2012.06 [malwarebytes] [You dirty RAT! Part 1: DarkComet](https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/)
- 2012.04 [trendmicro] [Fake Skype Encryption Software Cloaks DarkComet Trojan](https://blog.trendmicro.com/trendlabs-security-intelligence/fake-skype-encryption-software-cloaks-darkcomet-trojan/)
- 2012.04 [toolswatch] [DarkComet-RAT Remote Administration Tool v5.1.1 released](http://www.toolswatch.org/2012/04/darkcomet-rat-remote-administration-tool-v5-1-1released/)
- 2012.03 [quequero] [DarkComet Analysis – Understanding the Trojan used in Syrian Uprising](https://quequero.org/2012/03/darkcomet-analysis-understanding-the-trojan-used-in-syrian-uprising/)
- 2012.02 [trendmicro] [DarkComet Surfaced in the Targeted Attacks in Syrian Conflict](https://blog.trendmicro.com/trendlabs-security-intelligence/darkcomet-surfaced-in-the-targeted-attacks-in-syrian-conflict/)
- 2011.08 [toolswatch] [DarkComet-RAT (Remote Administration Tool) v4.0 Fix 1 available](http://www.toolswatch.org/2011/08/darkcomet-rat-remote-administration-tool-v4-0-fix-1-available/)
- 2011.05 [toolswatch] [DarkComet-RAT v3.3 available](http://www.toolswatch.org/2011/05/darkcomet-rat-v3-3-available/)
- 2011.01 [toolswatch] [(EXCLUSIVE) DarkComet-RAT updated to v3.0.1](http://www.toolswatch.org/2011/01/darkcomet-rat-updated-to-v3-0-1/)
- 2011.01 [toolswatch] [EXCLUSIVE : DarkComet-RAT 3.0 released (Impressive RAT tool)](http://www.toolswatch.org/2011/01/exclusive-darkcomet-rat-3-0-released-impressive-rat-tool/)

***

## WarZone RAT

- 2018.11 [UltraHacks] [Warzone RAT C++ | Hidden VNC [PROMOTION VIDEO]| Ultra Hacks](https://www.youtube.com/watch?v=QV_21Qv-0d0)

***

## BlackShades

- 2017.01 [TechnoHacker] [Blackshades Revisited](https://www.youtube.com/watch?v=8lTFyk5CEQg)
- 2016.02 [TechnoHacker] [How to use Blackshades [download link]](https://www.youtube.com/watch?v=9lzbO-QW46o)
- 2016.02 [TechnoHacker] [How to setup Blackshades RAT [Voice Tutorial] [download link]](https://www.youtube.com/watch?v=PLYe1JwCoA8)
- 2014.05 [malwarebytes] [Taking off the Blackshades](https://blog.malwarebytes.com/threat-analysis/2014/05/taking-off-the-blackshades/)
- 2014.05 [endgame] [Blackshades: Why We Should Care About Old Malware](https://www.endgame.com/blog/technical-blog/blackshades-why-we-should-care-about-old-malware)
- 2014.05 [trendmicro] [The Blackshades RAT – Entry-Level Cybercrime](https://blog.trendmicro.com/trendlabs-security-intelligence/the-blackshades-rat-entry-level-cybercrime/)
- 2014.05 [publicintelligence] [FBI Blackshades Remote Access Tool Private Sector Bulletins and Domain List](https://publicintelligence.net/fbi-blackshades-bulletins/)
- 2014.05 [alienvault] [Blackshades Smackdown & Poking China in the Eye](https://www.alienvault.com/blogs/industry-insights/blackshades-smackdown-poking-china-in-the-eye)
- 2014.05 [cylance] [A Study in Bots: BlackShades Net](https://www.cylance.com/en_us/blog/a-study-in-bots-blackshades-net.html)
- 2014.05 [welivesecurity] [Behind Blackshades: a closer look at the latest FBI cyber crime arrests](https://www.welivesecurity.com/2014/05/20/blackshades-rat-fbi-cybercrime-malware-takedown/)
- 2014.05 [krebsonsecurity] [‘Blackshades’ Trojan Users Had It Coming](https://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/)
- 2014.05 [malwaretech] [FBI Cybercrime Crackdown – Blackshades](https://www.malwaretech.com/2014/05/fbi-cybercrime-crackdown-blackshades.html)
- 2012.07 [malwarebytes] [BlackShades Co-Creator Arrested!](https://blog.malwarebytes.com/cybercrime/2012/07/blackshades-co-creator-arrested/)
- 2012.06 [malwarebytes] [BlackShades in Syria](https://blog.malwarebytes.com/threat-analysis/2012/06/blackshades-in-syria/)
- 2012.06 [citizenlab] [Syrian Activists Targeted with BlackShades Spy Software](https://citizenlab.ca/2012/06/syrian-activists-targeted-with-blackshades-spy-software/)
- 2012.06 [malwarebytes] [You Dirty RAT! Part 2 – BlackShades NET](https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-2-blackshades-net/)

***

## DenesRAT

- 2019.10 [nsfocus] [Analysis of the OceanLotus (APT32) Group's DenesRAT Trojan and Related Attack Chain](http://blog.nsfocus.net/apt32-organization-denesrat-trojan-related-attack-chain-analysis/)

***

## WSH RAT

- 2019.10 [angelalonso] [WSH RAT - Analysis of the code](https://blog.angelalonso.es/2019/10/wsh-rat-analysis-of-code.html)
- 2019.10 [angelalonso] [Fudcrypt using H-Worm from WSH RAT](https://blog.angelalonso.es/2019/10/fudcrypt-using-h-worm-from-wshrat.html)
- 2019.09 [freebuf] [Hackers Purchase Latest Variant of the New WSH RAT to Attack Bank Customers](https://www.freebuf.com/articles/system/214269.html)
- 2019.09 [angelalonso] [WSH RAT and the link to unknowcrypter and Fudcrypt](https://blog.angelalonso.es/2019/09/wsh-rat-and-link-to-unknowcrypter-and.html)

***

## Qrypter RAT

- 2018.04 [4hou] [Analyzing the Operations of the Increasingly Popular Qrypter RAT](http://www.4hou.com/web/10902.html)
- 2017.12 [angelalonso] [Qrypter Java RAT using Tor](http://blog.angelalonso.es/2017/12/qrypter-java-rat-using-tor.html)

***

## Adwind

- 2019.08 [4hou] [Adwind RAT Now Widely Used in Attack Campaigns Against the Utilities Sector](https://www.4hou.com/info/19812.html)
- 2018.10 [reversinglabs] [eWeek: Cisco Talos and ReversingLabs warn that the Adwind Remote Access Trojan (RAT) has added capabilities that enable it bypass some anti-virus technologies](https://www.reversinglabs.com/newsroom/news/eweek-cisco-talos-and-reversinglabs-warn-adwind-remote-access-trojan-rat-has-added.html)
- 2018.04 [4hou] [Spam Campaign Uses XTRAT, DUNIHI, and Adwind Backdoors](http://www.4hou.com/info/news/11169.html)
- 2018.04 [trendmicro] [Trend Micro Researchers Observe Spam Spreading the Cross-Platform RAT Adwind, Bundled with the XTRAT and DUNIHI Backdoors and Loki](https://blog.trendmicro.com/trendlabs-security-intelligence/xtrat-and-dunihi-backdoors-bundled-with-adwind-in-spam-mails/)
- 2018.04 [ensilo] [enSilo Blocks New Variant of Adwind RAT](https://blog.ensilo.com/ensilo-blocks-new-variant-of-adwind-rat)
- 2018.03 [OALabs] [Analyzing Adwind / JRAT Java Malware](https://www.youtube.com/watch?v=yHrr9v0E6MQ)
- 2018.03 [heimdalsecurity] [Security Alert: Spam Campaign Spreads Adwind RAT variant, Targeting Computer Systems](https://heimdalsecurity.com/blog/security-alert-spam-campaign-adwind-rat-variant-targeting-systems/)
- 2018.02 [fortinet] [New jRAT/Adwind Variant Being Spread With Package Delivery Scam](https://www.fortinet.com/blog/threat-research/new-jrat-adwind-variant-being-spread-with-package-delivery-scam.html)
- 2018.02 [rsa] [Winds of Winter - MalSpam Delivers Adwind RAT 2-1-2018](https://community.rsa.com/community/products/netwitness/blog/2018/02/05/winds-of-winter-malspam-delivers-adwind-rat-february-2018)
- 2018.02 [myonlinesecurity] [Fake Swift Copy malspam via compromised sites delivering Java Adwind/ QRAT /JRAT Trojan](https://myonlinesecurity.co.uk/fake-swift-copy-malspam-via-compromised-sites-delivering-java-adwind-qrat-jrat-trojan/)
- 2017.12 [myonlinesecurity] [Fake “Your UPS Invoice Is Ready” malspam delivers Java Adwind / Java JRAT Trojan](https://myonlinesecurity.co.uk/fake-your-ups-invoice-is-ready-malspam-delivers-java-adwind-java-jrat-trojan/)
- 2017.08 [netskope] [Adwind RAT employs new obfuscation techniques](https://www.netskope.com/blog/adwind-rat-employs-new-obfuscation-techniques/)
- 2017.07 [trendmicro] [Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind](https://blog.trendmicro.com/trendlabs-security-intelligence/spam-remote-access-trojan-adwind-jrat/)
- 2017.03 [freebuf] [Adwind RAT Attacks Enterprises, Targeting More Than 100 Countries and Regions](http://www.freebuf.com/news/128021.html)
- 2017.01 [codemetrix] [Decrypting Adwind jRAT jBifrost trojan](https://codemetrix.net/decrypting-adwind-jrat-jbifrost-trojan/)
- 2016.08 [fortinet] [JBifrost: Yet Another Incarnation of the Adwind RAT](https://www.fortinet.com/blog/threat-research/jbifrost-yet-another-incarnation-of-the-adwind-rat.html)
- 2016.07 [heimdalsecurity] [Security Alert: Adwind RAT Used in Targeted Attacks with Zero AV Detection](https://heimdalsecurity.com/blog/security-alert-adwind-rat-targeted-attacks-zero-av-detection/)
- 2016.02 [securelist] [Expert: cross-platform Adwind RAT](https://securelist.com/expert-cross-platform-adwind-rat/73773/)
- 2016.02 [kaspersky] [The wind that smells like RAT: The story of Adwind MaaS](https://www.kaspersky.com/blog/adwind-rat-2/15126/)
- 2013.11 [crowdstrike] [Adwind RAT Rebranding](https://www.crowdstrike.com/blog/adwind-rat-rebranding/)

***

## CannibalRAT

- 2018.02 [talosintelligence] [CannibalRAT targets Brazil](http://blog.talosintelligence.com/2018/02/cannibalrat-targets-brazil.html)

***

## jRAT

- 2018.10 [cofense] [H-Worm and jRAT Malware: Two RATs are Better than One](https://cofense.com/h-worm-jrat-malware-two-rats-better-one/)
- 2018.08 [Sebdraven] [Lammers, stealers and RATs: same technics like Formbook malware to install JRAT and HawkEye…](https://medium.com/p/8c010e9f40d4)
- 2018.03 [trustwave] [Crypter-as-a-Service Helps jRAT Fly Under The Radar](https://www.trustwave.com/Resources/SpiderLabs-Blog/Crypter-as-a-Service-Helps-jRAT-Fly-Under-The-Radar/)

***

## jsRAT

- 2018.02 [netskope] [ShortJSRAT leverages cloud with scriptlets](https://www.netskope.com/blog/shortjsrat-leverages-cloud-scriptlets/)
- 2017.07 [rsa] [Recreating the Crime Scene - A JSRat Story](https://community.rsa.com/community/products/netwitness/blog/2017/07/13/httpscommunityrsacomblogcreate-postjspacontainertype37containerid1034draftid43558recreating-the-crime-scene-a-jsrat-story)
- 2016.05 [evi1cg] [Several ways to launch JSRAT](https://evi1cg.me/archives/Run_JSRAT.html)
- 2016.03 [hackingarticles] [Hack Remote Windows 10 PC using JSRAT](http://www.hackingarticles.in/hack-remote-windows-10-pc-using-jsrat/)
- 2015.07 [secist] [Remotely managing a Win10 system with JSRAT](http://www.secist.com/archives/305.html)

***

## CrossRat

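- 2018.01 [360] [Analyzing CrossRAT, a cross-platform malware used in a global cyber-espionage campaign (Part 2)](https://www.anquanke.com/post/id/96383/)
- 2018.01 [4hou] [Analysis of the CrossRat remote control software](http://www.4hou.com/technology/10131.html)
- 2018.01 [360] [Analyzing CrossRAT, a cross-platform malware used in a global cyber-espionage campaign (Part 1)](https://www.anquanke.com/post/id/96323/)
- 2018.01 [objective] [Analyzing CrossRAT, a cross-platform RAT used in global cyber-espionage](https://objective-see.com/blog/blog_0x28.html)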

***

## ArmaRat

- 2018.09 [360] [ArmaRat: a two-year espionage campaign targeting Iranian users](https://www.anquanke.com/post/id/159264/)

***

## RokRAT

- 2018.01 [morphisec] [Threat Profile: RokRAT](http://blog.morphisec.com/threat-profile-rokrat)
- 2017.12 [MalwareAnalysisForHedgehogs] [Malware Analysis - ROKRAT Unpacking from Injected Shellcode](https://www.youtube.com/watch?v=uoBQE5s2ba4)
- 2017.11 [talosintelligence] [ROKRAT Reloaded](https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html)
- 2017.06 [alienvault] [A RAT that Tweets: New ROKRAT Malware Hides behind Twitter, Amazon, and Hulu Traffic](https://www.alienvault.com/blogs/security-essentials/a-rat-that-tweets-new-rokrat-malware-hides-behind-twitter-amazon-and-hulu-traffic)
- 2017.04 [360] [Analysis of the ROKRAT trojan, which uses cloud platforms](https://www.anquanke.com/post/id/85847/)
- 2017.04 [talosintelligence] [ROKRAT RAT analysis: from phishing to payload, using Twitter/Yandex/Mediafire as C&C.](https://blog.talosintelligence.com/2017/04/introducing-rokrat.html)

***

## CatKARAT

- 2018.01 [hackingarticles] [TCP & UDP Packet Crafting with CatKARAT](http://www.hackingarticles.in/tcp-udp-packet-crafting-catkarat/)

***

## TheFatRat

- 2018.11 [freebuf] [Tech sharing | How I use TheFatRat to hack your Android phone](https://www.freebuf.com/articles/terminal/188986.html)
- 2017.11 [TheHackerStuff] [TheFatRat - Hacking Over WAN - Embedding Payload in Original Android APK - Without Port Forwarding](https://www.youtube.com/watch?v=XLNigYZ5-fM)
- 2016.12 [TheHackerStuff] [Kali Linux - TheFatRat - Creating an Undetectable Backdoor - Bypass all AntiVirus](https://www.youtube.com/watch?v=uwMRuQBVS7k)
- 2016.09 [freebuf] [TheFatRat: a foolproof Msfvenom-based backdoor generator](http://www.freebuf.com/sectool/113597.html)
- 2016.07 [hackingarticles] [Hack Remote Windows 10 PC using TheFatRat](http://www.hackingarticles.in/hack-remote-windows-10-pc-using-thefatrat/)

***

## OmniRAT

- 2017.07 [skycure] [Nasty backdoor OmniRAT is back, disguised as GhostCtrl on Android mobile devices](https://www.skycure.com/blog/nasty-backdoor-omnirat-back-disguised-ghostctrl-android-mobile-devices/)
- 2015.11 [freebuf] [OmniRAT trojan variant abused maliciously](http://www.freebuf.com/news/85281.html)

***

## LuminosityLink

- 2018.10 [welivesecurity] [LuminosityLink RAT pack leader jailed 30 months in the US](https://www.welivesecurity.com/2018/10/24/luminositylink-rat-author-sentenced-jail/)
- 2018.02 [paloaltonetworks] [RAT Trapped? LuminosityLink Falls Foul of Vermin Eradicatio](https://unit42.paloaltonetworks.com/unit42-rat-trapped-luminositylink-falls-foul-vermin-eradication-efforts/)
- 2017.05 [UltraHacks] [How to setup LuminosityLink RAT with nVPN | PORTFORWARD FIX!!!](https://www.youtube.com/watch?v=AiiQNtJfgBc)
- 2017.05 [umbrella] [The Weather Report: Seamless Campaign, LuminosityLink RAT, and OG-Miner!](https://umbrella.cisco.com:443/blog/2017/05/24/weather-report-seamless-campaign-luminositylink-rat-og-miner/)
- 2017.03 [myonlinesecurity] [Request for 1st new order proforma invoice malspam delivers LuminosityLink RAT](https://myonlinesecurity.co.uk/request-for-1st-new-order-proforma-invoice-malspam-delivers-luminositylink-rat/)
- 2016.07 [paloaltonetworks] [Investigating the LuminosityLink Remote Access Trojan Conf](https://unit42.paloaltonetworks.com/unit42-investigating-the-luminositylink-remote-access-trojan-configuration/)

***

## Others

- 2020.02 [proofpoint] [Proofpoint Q4 2019 Threat Report and Year in Review — The Year of the RAT Ends with More of the Same](https://www.proofpoint.com/us/threat-insight/post/proofpoint-q4-2019-threat-report-and-year-review-year-rat-ends-more-same)
- 2020.01 [sentinelone] [CISO Essentials | How Remote Access Trojans Affect the Enterprise](https://www.sentinelone.com/blog/ciso-essentials-how-remote-access-trojans-affect-the-enterprise/)
- 2020.01 [TheCyberWire] [RATs, backdoors, and a remote code execution zero-day. Hoods breach Mitsubishi Electric. Telnet...](https://www.youtube.com/watch?v=8jdAA2O7_EI)
- 2020.01 [freebuf] [Analysis report on a RAT trojan embedded inside a valid digital certificate](https://www.freebuf.com/articles/paper/224147.html)
- 2020.01 [rambus] [Cable Haunt vulnerability can give hackers remote access to approximately 200 million cable modems](https://www.rambus.com/blogs/cable-haunt-vulnerability-can-give-hackers-remote-access-to-approximately-200-million-cable-modems/)
- 2020.01 [proofpoint] [Threat Insight 2019 in Review: Year of the RAT](https://www.proofpoint.com/us/threat-insight/post/threat-insight-2019-review-year-rat)
- 2019.12 [ptsecurity] [Turkish tricks with worms, RATs… and a freelancer](http://blog.ptsecurity.com/2019/12/turkish-tricks-with-worms-rats-and.html)
- 2019.12 [infosecinstitute] [Malware spotlight: What is a Remote Access Trojan (RAT)?](https://resources.infosecinstitute.com/malware-spotlight-what-is-a-remote-access-trojan-rat/)
- 2019.12 [UltraHacks] [Dark Shades Android RAT | Ultra Hacks](https://www.youtube.com/watch?v=toO_edSq_t0)
- 2019.11 [broadanalysis] [Fallout Exploit Kit delivers suspect Remote Access Trojan (RAT)](https://broadanalysis.com/2019/11/25/fallout-exploit-kit-delivers-suspect-remote-access-trojan-rat/)
- 2019.11 [carbonblack] [Threat Analysis Unit (TAU) Threat Intelligence Notification: AsyncRAT](https://www.carbonblack.com/2019/11/19/threat-analysis-unit-tau-threat-intelligence-notification-asyncrat/)
- 2019.11 [proofpoint] [Proofpoint Q3 2019 Threat Report — Emotet’s return, RATs reign supreme, and more](https://www.proofpoint.com/us/threat-insight/post/proofpoint-q3-2019-threat-report-emotets-return-rats-reign-supreme-and-more)
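- 2019.10 [tencent] [KuaiGoMiner controls tens of thousands of computers for mining and drops a RAT trojan to steal secrets](https://s.tencent.com/research/report/824.html)
- 2019.10 [4hou] [KuaiGoMiner controls tens of thousands of computers for mining and drops a RAT trojan to steal secrets](https://www.4hou.com/system/20919.html)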
- 2019.10 [proofpoint] [TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader](https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader)
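- 2019.10 [tencent] [The “Moonlight” worm threatens university networks; infected computers are remotely controlled](https://s.tencent.com/research/report/821.html)
- 2019.10 [4hou] [The “Moonlight” worm threatens university networks; infected computers are remotely controlled](https://www.4hou.com/system/20853.html)
- 2019.10 [freebuf] [Counter-espionage journey: analysis of the first Android RAT trojan tool](https://www.freebuf.com/articles/terminal/214201.html)
- 2019.09 [4hou] [Malware gang mass-compromises hosts via the phpStudy RCE vulnerability and delivers four RAT trojans](https://www.4hou.com/system/20637.html)
- 2019.09 [aliyun] [Using BadUSB to remotely control users with a trojan](https://xz.aliyun.com/t/6386)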
- 2019.09 [sensecy] [ARABIC-SPEAKING THREAT ACTOR RECYCLES THE SOURCE CODE OF POPULAR RAT SPYNOTE AND SELLS IT IN THE DARK WEB, AS NEW](https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/)
- 2019.08 [securelist] [Fully equipped Spying Android RAT from Brazil: BRATA](https://securelist.com/spying-android-rat-from-brazil-brata/92775/)
- 2019.08 [talosintelligence] [RAT Ratatouille: Backdooring PCs with leaked RATs](https://blog.talosintelligence.com/2019/08/rat-ratatouille-revrat-orcus.html)
- 2019.08 [malware] [2019-08-26 - DATA DUMP: SOCGHOLISH CAMPAIGN PUSHES NETSUPPORT RAT](http://malware-traffic-analysis.net/2019/08/26/index.html)
- 2019.08 [fortinet] [Fake Indian Income Tax Calculator Delivers xRAT Variant](https://www.fortinet.com/blog/threat-research/fake-indian-income-tax-calculator-xrat-variant.html)
- 2019.07 [tencent] [Trade Letter (商贸信) family newly active: phishing emails spread the commercial RAT trojan RevetRAT](https://s.tencent.com/research/report/767.html)
- 2019.07 [freebuf] [What you should know about RAT trojans](https://www.freebuf.com/articles/system/207643.html)
- 2019.07 [trendmicro] [Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C](https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-targets-colombian-entities-with-custom-proyecto-rat-email-service-yopmail-for-cc/)
- 2019.07 [freebuf] [APT34 core component Glimpse: RAT reproduction and traffic analysis](https://www.freebuf.com/articles/database/207469.html)
- 2019.07 [d] [Red Team Diary, Entry #1: Making NSA’s PeddleCheap RAT Invisible](https://medium.com/p/f88ccbdc484d)
- 2019.07 [yoroi] [Spotting RATs: Tales from a Criminal Attack](https://blog.yoroi.company/research/spotting-rats-tales-from-a-criminal-attack/)
- 2019.07 [cybersecpolitics] [Book Review: Delusions of Intelligence, R.A. RATCLIFF](https://cybersecpolitics.blogspot.com/2019/07/book-review-delusions-of-intelligence.html)
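- 2019.07 [4hou] [Exploring trojan evolution trends: a cross-version analysis of APT32's Ratsnif RAT trojan](https://www.4hou.com/reverse/18994.html)
- 2019.07 [4hou] [A brief discussion of RAT trojans](https://www.4hou.com/info/observation/19022.html)
- 2019.07 [freebuf] [Delivering a malicious lnk that uses JwsclTerminalServer for remote control and information gathering](https://www.freebuf.com/articles/system/207109.html)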
- 2019.07 [securityintelligence] [Taking Over the Overlay: What Triggers the AVLay Remote Access Trojan (RAT)?](https://securityintelligence.com/posts/taking-over-the-overlay-what-triggers-the-avlay-remote-access-trojan-rat/)
- 2019.07 [securityintelligence] [Taking Over the Overlay: Reverse Engineering a Brazilian Remote Access Trojan (RAT)](https://securityintelligence.com/posts/taking-over-the-overlay-reverse-engineering-a-brazilian-remote-access-trojan-rat/)
- 2019.07 [talosintelligence] [RATs and stealers rush through “Heaven’s Gate” with new loader](https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html)
- 2019.06 [4hou] [Beware of the H-worm worm phishing disguised as movie samples; carelessly clicking the attachment installs a RAT trojan](https://www.4hou.com/web/18741.html)
- 2019.06 [nightst0rm] [How did I take control of so many websites?](https://medium.com/p/61efdf4a03f5)
- 2019.06 [4hou] [TA505 uses HTML, RATs and other techniques in its latest campaigns](https://www.4hou.com/web/18563.html)
- 2019.06 [trendmicro] [Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns](https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/)
- 2019.05 [4hou] [Babylon RAT raises the bar for malware multitasking](https://www.4hou.com/web/18114.html)
- 2019.05 [360] [A spam campaign that uses XLM macros to deliver a remote access tool](https://www.anquanke.com/post/id/178366/)
- 2019.05 [arxiv] [[1905.07273] Finding Rats in Cats: Detecting Stealthy Attacks using Group Anomaly Detection](https://arxiv.org/abs/1905.07273)
- 2019.05 [freebuf] [Hands-on with Ares, a Python-based B/S (browser/server) RAT](https://www.freebuf.com/articles/system/202419.html)
- 2019.05 [4hou] [C&C remote control tool: WebSocket C2](https://www.4hou.com/tools/17528.html)
- 2019.04 [paloaltonetworks] [BabyShark Malware Part Two – Attacks Continue Using KimJongRAT](https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/)
- 2019.04 [freebuf] [How I tracked down the operator behind a RAT](https://www.freebuf.com/vuls/200895.html)
- 2019.04 [4hou] [C&C remote control tool: Ares](https://www.4hou.com/tools/17527.html)
- 2019.04 [krebsonsecurity] [Who’s Behind the RevCode WebMonitor RAT?](https://krebsonsecurity.com/2019/04/whos-behind-the-revcode-webmonitor-rat/)
- 2019.04 [freebuf] [Monero mining & RAT trojan sample analysis](https://www.freebuf.com/articles/system/200875.html)
- 2019.04 [4hou] [Monero mining + RAT trojan sample analysis](https://www.4hou.com/system/17380.html)
- 2019.04 [4hou] [LimeRAT spreads in the wild](https://www.4hou.com/web/17312.html)
- 2019.04 [yoroi] [LimeRAT spreads in the wild](https://blog.yoroi.company/research/limerat-spreads-in-the-wild/)
- 2019.04 [alexander] [Week 6 Cyberattack Digest 2019 – ExileRAT trojan, Eskom Group, and others](https://www.peerlyst.com/posts/week-6-cyberattack-digest-2019-exilerat-trojan-eskom-group-and-others-alexander-polyakov)
- 2019.03 [360] [Trojan author voluntarily submits the Tatoo RAT backdoor](https://www.anquanke.com/post/id/175513/)
- 2019.03 [flashpoint] [FIN7 Revisited: Inside Astra Panel and SQLRat Malware](https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/)
- 2019.03 [tencent] [Mining trojan brute-forces SQL servers; infection can lead to remote control of the server](https://s.tencent.com/research/report/684.html)
- 2019.03 [paloaltonetworks] [Cardinal RAT Sins Again, Targets Israeli Fin-T](https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/)
- 2019.03 [aliyun] [Analyzing how JAVA-VBS is used to spread a RAT](https://xz.aliyun.com/t/4287)
- 2019.03 [malware] [2019-03-06 - QUICK POST: KOREAN MALSPAM PUSHES FLAWED AMMYY RAT MALWARE](http://malware-traffic-analysis.net/2019/03/06/index.html)
- 2019.03 [4hou] [Spreading a RAT with JAVA+VBS](https://www.4hou.com/system/16495.html)
- 2019.03 [mcafee] [JAVA-VBS Joint Exercise Delivers RAT](https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/java-vbs-joint-exercise-delivers-rat/)
- 2019.02 [dodgethissecurity] [Reverse Engineering an Unknown RAT – Lets call it SkidRAT 1.0](https://www.dodgethissecurity.com/2019/02/28/reverse-engineering-an-unknown-rat-lets-call-it-skidrat-1-0/)
- 2019.02 [4hou] [ExileRAT shares C2 infrastructure with LuckyCat](http://www.4hou.com/web/16112.html)
- 2019.02 [freebuf] [Xiaomi M365 electric scooter at risk of hacking and remote control](https://www.freebuf.com/news/195635.html)
- 2019.02 [myonlinesecurity] [Fake Blockchain authentication update delivers Dark Comet RAT](https://myonlinesecurity.co.uk/fake-blockchain-authentication-update-delivers-dark-comet-rat/)
- 2019.02 [securityartwork] [Case study: “Imminent RATs” (III)](https://www.securityartwork.es/2019/02/08/case-study-imminent-rats-iii/)
- 2019.02 [securityartwork] [Case study: “Imminent RATs” (II)](https://www.securityartwork.es/2019/02/06/case-study-imminent-rats-ii/)
- 2019.02 [securityledger] [ExileRAT Malware Targets Tibetan Exile Government](https://securityledger.com/2019/02/exilerat-malware-targets-tibetan-exile-government/)
- 2019.02 [securityartwork] [Case study: “Imminent RATs” (I)](https://www.securityartwork.es/2019/02/04/case-study-imminent-rats-i/)
- 2019.02 [talosintelligence] [ExileRAT shares C2 with LuckyCat, targets Tibet](https://blog.talosintelligence.com/2019/02/exilerat-shares-c2-with-luckycat.html)
- 2019.02 [0x00sec] [Programming language for Remote Access Toolkit](https://0x00sec.org/t/programming-language-for-remote-access-toolkit/11290/)
- 2019.01 [angelalonso] [Fudcrypt: the service to crypt Java RAT through VBS scripts and Houdini malware](https://blog.angelalonso.es/2019/01/fudcrypt-service-to-crypt-java-rat.html)
- 2019.01 [yoroi] [The Story of Manuel’s Java RAT](https://blog.yoroi.company/research/the-story-of-manuels-java-rat/)
- 2019.01 [0x00sec] [RATs question. Long break](https://0x00sec.org/t/rats-question-long-break/11084/)
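- 2019.01 [aliyun] [Analyzing RAT threats using AMP](https://xz.aliyun.com/t/3900)
- 2019.01 [360] [Remotely controlling devices via vulnerabilities in Marvell Avastar Wi-Fi: from zero knowledge to RCE vulnerability discovery and exploitation (Part 2)](https://www.anquanke.com/post/id/170078/)
- 2019.01 [aliyun] [.Net RAT malware spread via MS Word documents](https://xz.aliyun.com/t/3873)
- 2019.01 [tencent] [Tencent PC Manager: the “Big Grey Wolf” RAT trojan spreads disguised as “club member information”](https://s.tencent.com/research/report/640.html)
- 2019.01 [360] [Remotely controlling devices via vulnerabilities in Marvell Avastar Wi-Fi: from zero knowledge to RCE vulnerability discovery and exploitation (Part 1)](https://www.anquanke.com/post/id/169892/)
- 2019.01 [4hou] [.Net RAT malware spread via MS Word documents](http://www.4hou.com/system/15835.html)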
- 2019.01 [0x00sec] [VPS or a VPN for a RAT?](https://0x00sec.org/t/vps-or-a-vpn-for-a-rat/10973/)
- 2019.01 [talosintelligence] [What we learned by unpacking a recent wave of Imminent RAT infections using AMP](https://blog.talosintelligence.com/2019/01/what-we-learned-by-unpacking-recent.html)
- 2019.01 [fortinet] [.Net RAT Malware Being Spread by MS Word Documents](https://www.fortinet.com/blog/threat-research/-net-rat-malware-being-spread-by-ms-word-documents.html)
- 2019.01 [4hou] [TA505 adds the new ServHelper Backdoor and FlawedGrace RAT to its arsenal](http://www.4hou.com/web/15732.html)
- 2019.01 [tencent] [Browser hijacking, remote control, video view fraud: this crack/activation tool is malicious!](https://s.tencent.com/research/report/630.html)
- 2019.01 [4hou] [Adware disguised as games and remote control apps infects 9 million Google Play users](http://www.4hou.com/web/15676.html)
- 2019.01 [UltraHacks] [Ozone RAT C++ | Hidden VNC [TUTORIAL VIDEO] | Ultra Hacks](https://www.youtube.com/watch?v=72ej6IJPOoY)
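- 2019.01 [micropoor] [Advanced persistent penetration, season 8: the demo is a RAT](https://micropoor.blogspot.com/2019/01/demo.html)
- 2019.01 [tencent] [Targeted attacks on China's foreign trade industry, suspected to be the Gorgon group using the Azorult RAT trojan](https://s.tencent.com/research/report/624.html)
- 2019.01 [4hou] [JungleSec ransomware infects victims through IPMI remote consoles](http://www.4hou.com/typ/15461.html)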
- 2019.01 [sans] [Remote Access Tools: The Hidden Threats Inside Your Network](https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1569959492.pdf)
- 2018.12 [freebuf] [tRat: a new modular RAT appearing in multiple spam email campaigns](https://www.freebuf.com/articles/terminal/191004.html)
- 2018.12 [k7computing] [Scumbag Combo: Agent Tesla and XpertRAT](https://blog.k7computing.com/?p=15672)
- 2018.12 [360] [Flash 0day + Hacking Team RAT: attack campaign exploiting the latest Flash 0day vulnerability, and correlation analysis](https://www.anquanke.com/post/id/167334/)
- 2018.12 [freebuf] [Flash 0day+Hacking Team RAT: attack campaign exploiting the latest Flash 0day vulnerability, and correlation analysis](https://www.freebuf.com/articles/system/191382.html)
- 2018.11 [4hou] [tRat: a new modular RAT](http://www.4hou.com/system/14606.html)
- 2018.11 [proofpoint] [tRat: a new modular RAT spread in multiple spam campaigns](https://www.proofpoint.com/us/threat-insight/post/trat-new-modular-rat-appears-multiple-email-campaigns)
- 2018.11 [checkpoint] [October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Top 10 Threats | Check Point Software Blog](https://blog.checkpoint.com/2018/11/13/october-2018s-most-wanted-malware-for-the-first-time-remote-access-trojan-reaches-top-threats-cryptomining/)
- 2018.11 [checkpoint] [October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Global Threat Index’s Top 10](https://www.checkpoint.com/press/2018/october-2018s-most-wanted-malware-for-the-first-time-remote-access-trojan-reaches-global-threat-indexs-top-10/)
- 2018.10 [DEFCONConference] [DEF CON 26 CAR HACKING VILLAGE - Dan Regalado - Meet Salinas, 1st SMS commanded Car Infotainment RAT](https://www.youtube.com/watch?v=j3dfgTKa7pQ)
- 2018.10 [cybrary] [“I smell a rat!” – AhMyth, not a Myth](https://www.cybrary.it/2018/10/ahmyth-not-myth/)
- 2018.10 [4hou] [How RATs are used for attacks in the industrial sector](http://www.4hou.com/web/13875.html)
- 2018.10 [360] [RAT trojan abuses NetEase's official signature](https://www.anquanke.com/post/id/162056/)
- 2018.10 [ncsc] [RATs, Mimikatz and other domestic pests](https://www.ncsc.gov.uk/blog-post/rats-mimikatz-and-other-domestic-pests)
- 2018.10 [infosecinstitute] [Interview with RaT, the High Council President of SOLDIERX](https://resources.infosecinstitute.com/interview-with-rat-the-high-council-president-of-soldierx/)
- 2018.10 [vulnerability0lab] [Facebook Inc via Instagram Business - Remote Access Token Vulnerability (Original Facebook Video)](https://www.youtube.com/watch?v=4Obsd1Qw7uU)
- 2018.10 [securityledger] [Episode 114: Complexity at Root of Facebook Breach and LoJax is a RAT You Can’t Kill](https://securityledger.com/2018/10/episode-114-complexity-at-root-of-facebook-breach-and-lojax-is-a-rat-you-cant-kill/)
- 2018.10 [sophos] [IP EXPO Europe 2018: Sophos experts talk AI, privacy vs security, and RATs](https://news.sophos.com/en-us/2018/10/02/ip-expo-europe-2018-sophos-experts-talk-ai-privacy-vs-security-and-rats/)
- 2018.09 [kaspersky] [Threats posed by using RATs in ICS](https://ics-cert.kaspersky.com/reports/2018/09/20/threats-posed-by-using-rats-in-ics/)
- 2018.09 [kaspersky] [Industrial networks in need of RAT control](https://www.kaspersky.com/blog/rats-in-ics/23949/)
- 2018.09 [securelist] [Threats posed by using RATs in ICS](https://securelist.com/threats-posed-by-using-rats-in-ics/88011/)
- 2018.08 [traffic] [[2018-08-22] Unknown->RigEK->AZORult->BabylonRAT](https://traffic.moe/2018/08/22/index.html)
- 2018.08 [freebuf] [Hero RAT: a Telegram-based Android malware](http://www.freebuf.com/articles/terminal/179842.html)
- 2018.08 [4hou] [Spam campaign abuses SettingContent-ms to spread FlawedAmmyy RAT](http://www.4hou.com/web/12902.html)
- 2018.08 [aliyun] [Analysis of HeroRAT, a Telegram-based Android malware](https://xz.aliyun.com/t/2525)
- 2018.08 [alienvault] [Off-the-shelf RATs Targeting Pakistan](https://www.alienvault.com/blogs/labs-research/off-the-shelf-rats-targeting-pakistan)
- 2018.07 [k7computing] [Weaponized.IQY: A Quest to Deliver the FlawedAmmyy RAT](https://blog.k7computing.com/?p=6877)
- 2018.07 [trendmicro] [Spam Campaign Abusing SettingContent-ms Found Dropping Same FlawedAmmy RAT Distributed by Necurs](https://blog.trendmicro.com/trendlabs-security-intelligence/spam-campaign-abusing-settingcontent-ms-found-dropping-same-flawedammy-rat-distributed-by-necurs/)
- 2018.07 [k7computing] [Weaponized.IQY: A Quest to Deliver the FlawedAmmyy RAT](http://blog.k7computing.com/2018/07/weaponized-iqy-a-quest-to-deliver-the-flawedammyy-rat/)
- 2018.07 [4hou] [The highly sophisticated Parasite RAT has appeared on the dark web](http://www.4hou.com/web/12820.html)
- 2018.07 [proofpoint] [Parasite HTTP RAT cooks up a stew of stealthy tricks](https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks)
- 2018.07 [aliyun] [Deep dive into the Vermin RAThole](https://xz.aliyun.com/t/2462)
- 2018.07 [proofpoint] [TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT](https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat)
- 2018.07 [welivesecurity] [Vermin one of three RATs used to spy on Ukrainian government institutions](https://www.welivesecurity.com/2018/07/17/deep-dive-vermin-rathole/)
- 2018.07 [freebuf] [HeroRAT: a brand-new Telegram-based Android remote access trojan](http://www.freebuf.com/articles/terminal/175450.html)
- 2018.06 [heimdalsecurity] [Security Alert: New Spam Campaign Delivers Flawed Ammyy RAT to Infect Victims’ Computers](https://heimdalsecurity.com/blog/security-alert-flawed-ammyy-rat/)
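- 2018.06 [welivesecurity] [HeroRAT: a Telegram-based Android RAT written with the Xamarin framework](https://www.welivesecurity.com/2018/06/18/new-telegram-abusing-android-rat/)
- 2018.06 [4hou] [Latest US government technical alert: beware of two pieces of malware, a RAT and a worm, in use by the North Korean hacking group Hidden Cobra](http://www.4hou.com/info/news/11930.html)
- 2018.06 [4hou] [NavRAT uses the US-North Korea summit as a decoy for attacks on South Korea](http://www.4hou.com/web/11941.html)
- 2018.06 [360] [NavRAT exploits the US-North Korea summit topic to attack South Korea](https://www.anquanke.com/post/id/146816/)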
- 2018.05 [talosintelligence] [NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea](https://blog.talosintelligence.com/2018/05/navrat.html)
- 2018.05 [myonlinesecurity] [Necurs delivering Flawed Ammy RAT via IQY Excel Web Query files](https://myonlinesecurity.co.uk/necurs-delivering-flawed-ammy-rat-via-iqy-excel-web-query-files/)
- 2018.05 [freebuf] [Hacked Drupal sites used for mining, spreading RATs and sending scam emails](http://www.freebuf.com/articles/web/172563.html)
- 2018.05 [andreafortuna] [Malware VM detection techniques evolving: an analysis of GravityRAT](https://www.andreafortuna.org/malware-analysis/malware-vm-detection-techniques-evolving-an-analysis-of-gravityrat/)
- 2018.05 [360] [GravityRAT: the two-year evolution of an APT targeting India](https://www.anquanke.com/post/id/106933/)
- 2018.05 [pcsxcetrasupport3] [A closer look at “NetSupport”(Rat) top 2 layers](https://pcsxcetrasupport3.wordpress.com/2018/05/04/a-closer-look-at-netsupportrat-top-2-layers/)
- 2018.05 [freebuf] [“Myth Legend”: a RAT trojan spread in WeChat groups through account selling](http://www.freebuf.com/articles/system/170196.html)
- 2018.04 [virusbulletin] [GravityRAT malware takes your system's temperature](https://www.virusbulletin.com/blog/2018/04/gravityrat-malware-takes-your-systems-temperature/)
- 2018.04 [360] [“Myth Legend”: a RAT trojan spread through account-selling WeChat groups](https://www.anquanke.com/post/id/106767/)
- 2018.04 [talosintelligence] [GravityRAT - The Two-Year Evolution Of An APT Targeting India](https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html)
- 2018.04 [UltraHacks] [WebMonitor RAT - NO PORTFORWARD NEEDED + FREE VPN *NEW*](https://www.youtube.com/watch?v=Yg-5ZUKbd3c)
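- 2018.04 [4hou] [Analysis of a RAT trojan in a “chicken dinner” (PUBG) game cheat](http://www.4hou.com/system/11194.html)
- 2018.04 [freebuf] [Analysis of a RAT trojan in a “chicken dinner” (PUBG) game cheat](http://www.freebuf.com/articles/paper/169504.html)
- 2018.04 [360] [Analysis of a RAT trojan in a “chicken dinner” (PUBG) game cheat](https://www.anquanke.com/post/id/105670/)
- 2018.04 [4hou] [Building RAT infrastructure with Digital Ocean](http://www.4hou.com/technology/11107.html)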
- 2018.04 [flashpoint] [RAT Gone Rogue: Meet ARS VBS Loader](https://www.flashpoint-intel.com/blog/meet-ars-vbs-loader/)
- 2018.04 [lookout] [mAPT ViperRAT Found in Google Play](https://blog.lookout.com/viperrat-google-play)
- 2018.04 [bitdefender] [RadRAT: An all-in-one toolkit for complex espionage ops](https://labs.bitdefender.com/2018/04/radrat-an-all-in-one-toolkit-for-complex-espionage-ops/)
- 2018.04 [paloaltonetworks] [Say “Cheese”: WebMonitor RAT Comes with C2-as-a-Servic](https://unit42.paloaltonetworks.com/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/)
- 2018.04 [freebuf] [DELPHI hacker programming (3): implementing the principles of a simple RAT](http://www.freebuf.com/articles/system/166876.html)
- 2018.04 [fireeye] [Fake Software Update Abuses NetSupport Remote Access Tool](http://www.fireeye.com/blog/threat-research/2018/04/fake-software-update-abuses-netsupport-remote-access-tool.html)
- 2018.04 [freebuf] [PowerShell-RAT: a Python-based backdoor](http://www.freebuf.com/sectool/165789.html)
- 2018.03 [UltraHacks] [Spynote v5.8 Android RAT | Tutorial | www.ultrahacks.org | Ultra Hacks](https://www.youtube.com/watch?v=SIqed5aL6F0)
- 2018.03 [360] [TeleRAT: another Android malware found using Telegram to target Iranian users](https://www.anquanke.com/post/id/102398/)
- 2018.03 [paloaltonetworks] [TeleRAT: Another Android Trojan Leveraging Telegram’s Bot API to Target Iran](https://unit42.paloaltonetworks.com/unit42-telerat-another-android-trojan-leveraging-telegrams-bot-api-to-target-iranian-users/)
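- 2018.03 [4hou] [Samsung SmartCam cameras found to have more than a dozen security vulnerabilities, allowing remote control and modification of the video feed](http://www.4hou.com/info/news/10696.html)
- 2018.03 [360] [Detailed analysis of Coldroot RAT, a cross-platform backdoor on OS X](https://www.anquanke.com/post/id/100727/)
- 2018.03 [freebuf] [Front-end black magic: remotely controlling the address bar](http://www.freebuf.com/articles/web/164711.html)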
- 2018.03 [broadanalysis] [EiTest campaign Hoefler Text Pop-up delivers NetSupport Manager RAT](http://www.broadanalysis.com/2018/03/11/eitest-campaign-hoefler-text-pop-up-delivers-netsupport-manager-rat-5/)
- 2018.03 [leavesongs] [Front-end black magic: remotely controlling the address bar](https://www.leavesongs.com/PENETRATION/use-target-to-spoof-fishing.html)
- 2018.03 [broadanalysis] [Fake Flash update leads to NetSupport RAT](http://www.broadanalysis.com/2018/03/08/fake-flash-update-leads-to-netsupport-rat-2/)
- 2018.03 [broadanalysis] [EiTest campaign Hoefler Text Pop-up delivers NetSupport Manager RAT](http://www.broadanalysis.com/2018/03/08/eitest-campaign-hoefler-text-pop-up-delivers-netsupport-manager-rat-4/)
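- 2018.03 [4hou] [HD and uncut! More thrilling than a horror film! Hear the spine-chilling tune of the “Creepy Doll” RAT](http://www.4hou.com/technology/10558.html)
- 2018.03 [freebuf] [HD and uncut! More thrilling than a horror film! Hear the spine-chilling tune of the “Creepy Doll” RAT](http://www.freebuf.com/articles/system/163988.html)
- 2018.03 [360] [Not for the faint-hearted! More thrilling than a horror film! Hear the spine-chilling tune of the “Creepy Doll” RAT](https://www.anquanke.com/post/id/99667/)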
- 2018.02 [broadanalysis] [Fake Flash update leads to NetSupport RAT](http://www.broadanalysis.com/2018/02/27/fake-flash-update-leads-to-netsupport-rat/)
- 2018.02 [broadanalysis] [EiTest campaign Hoefler Text Pop-up delivers NetSupport Manager RA