Tag: poolrat

3 Attack Reports | 0 Vulnerabilities

Attack reports

Three Lazarus RATs coming for your cheese

This report analyzes three remote access trojans (RATs) used by a Lazarus subgroup targeting financial and cryptocurrency organizations: PondRAT, ThemeForestRAT, and RemotePE. It details an incident response case from 2024 involving social engineering and possible zero-day exploitation. PondRAT is …
rat
social engineering
cryptocurrency
zero-day
poolrat
pondrat
financial
2025-09-02
remotepe
themeforestrat
2025-09-03
Published: September 3, 2025
Downloadable IOCs: 0

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

Unit 42 researchers have uncovered an ongoing campaign involving poisoned Python packages that deliver Linux and macOS backdoors. The attackers, believed to be the North Korean-affiliated group Gleaming Pisces, uploaded malicious packages to PyPI. The campaign's objective appears to be gaining acce…
rat
cryptocurrency
macos
poolrat
pondrat
2024-09-19
applejeus
Published: September 19, 2024
Linked vulnerabilities : CVE-2024-3400, CVE-2024-3094
Downloadable IOCs: 16

Threat Assessment: North Korean Threat Groups

This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
malware
espionage
cybercrime
northkorea
rats
comebacker
rustbucket
kandykorn
2024-09-10
collectionrat
fullhouse
poolrat
odicloader
objcshellz
pondrat
smoothoperator
Published: September 10, 2024
Downloadable IOCs: 58
Click here to see more Attack Reports