Tracking an evolving Discord-based RAT family
Oct. 31, 2025, 11:30 a.m.
Description
ReversingLabs has identified four new remote access trojans (RATs) utilizing Discord for command and control. These RATs, operated by the STD Group, include Minecraft RAT, UwUdisRAT, STD RAT, and Propionanilide RAT. The malware, written in C++, uses a ROT23 cipher to encode Discord bot tokens for C2 communication. The analysis reveals the evolution from single payloads to experimentation with packers, particularly in the case of Propionanilide RAT. The report provides detailed insights into each RAT variant, including file indicators and YARA rules for detection.
Date
- Created: Oct. 31, 2025, 9:32 a.m.
- Published: Oct. 31, 2025, 9:32 a.m.
- Modified: Oct. 31, 2025, 11:30 a.m.