PoetRAT

Malware Profile Updated 2 months ago
Cisco Talos recently discovered a new malware campaign named "PoetRAT," a remote access Trojan that was initially written in Python but has since evolved to use Lua scripts. The malware is split into multiple parts and contains various references to William Shakespeare, the English playwright. The campaign uses phishing websites such as gov-az[.]herokuapp[.]com and dellgenius[.]hopto[.]org as its command-and-control infrastructure. The first version of PoetRAT used FTP for exfiltration, while the newer version supports HTTP, which lets the attackers avoid signature-based detection and stay under the radar. Furthermore, Cisco's investigation uncovered potential connections with other threat actors, including overlaps with Kasablanka, the operators of LodaRAT, and stronger overlaps in both tooling and target choices with the activity of Stibnite, the operators of PoetRAT. It is essential to be aware of this type of threat, as malware can reach computer systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Maintaining up-to-date security measures is crucial to protect against such attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Talos
Cisco
Trojan
Azerbaijan
Malware
Phishing
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the PoetRAT malware was read from the document corpus below. This display is limited to 20 results.

Source | Created | Title
MITRE | a year ago | PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
MITRE | a year ago | PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
CERT-EU | a year ago | New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries