← Back to Threat Actors
ACTOR PROFILE
OTX AUTHOR
rat
OTX CONTRIBUTOR 57157 PULSES
57157
TOTAL PULSES
Pulses by rat
Operation Double Tap
2014-11-21
23
IOCs
Regin
2014-11-24 ⚑ Regin
60
IOCs
Operation Cleaver
2014-12-02 ⚑ Cleaver
301
IOCs
Operation Windigo
2015-01-30
127
IOCs
Forbes.com Waterhole Attack
2015-02-11 ⚑ Codoso
6
IOCs
Operation Arid Viper
2015-02-20
86
IOCs
Netwire RAT Behind Recent Targeted Attacks
2015-03-03
5
IOCs
Operation Woolen-GoldFish
2015-03-23
52
IOCs
Ratting on AlienSpy
2015-04-07
170
IOCs
Operation Buhtrap
2015-04-09
25
IOCs
Deep Panda Crowdstrike report
2015-04-18
IOCs
Careto - The Masked APT
2015-04-18
IOCs
Destover Sony Pictures Compromise Dropper
2015-04-19
5
IOCs
Gauss
2015-04-20
IOCs
Flame infrastructure
2015-04-20
IOCs
DragonOK Backdoor Malware Deployed Against Japanese Targets
2015-04-20
21
IOCs
Hellsing APT
2015-04-20 ⚑ Hellsing
121
IOCs
Chicken_mm: Analysis on DDoS Attack Organization
2015-04-20
14
IOCs
New POS Malware Emerges - Punkey
2015-04-20
7
IOCs
Operation RussianDoll
2015-04-20 ⚑ Sofacy
9
IOCs
CastleRAT attack first to abuse Deno JavaScript runtime to evade enterprise security
clickfixsocial engineeringcastleratdenojavascript
2026-03-11
6
IOCs
Payroll pirate attacks targeting Canadian employees
malvertisingcredential phishingcve-2025-27152payroll fraudsession hijacking
2026-04-09 ⚑ Storm-2755
3
IOCs
NPM Package Supply Chain Compromise Leads to RAT Deployment
axios packagepostinstall scriptdeveloper environmentsratnpm package compromise
2026-04-10
7
IOCs
The long road to your crypto: ClipBanker and its marathon infection chain
2026-04-09
12
IOCs
Ringing in Chaos: How TeamPCP Weaponized the Telnyx Python SDK
credential theftratexfiltrationmsbuild.exesysmon.py
2026-03-31 ⚑ TeamPCP
47
IOCs
Bogus website fakes virus scan, installs Venom Stealer instead
venom stealerimpersonationscare tacticsfake antiviruscredential theft
2026-03-27
3
IOCs
APT28 exploit routers to enable DNS hijacking operations
exploittp-linkdns hijackingrussiaoauth
2026-04-07 ⚑ APT28
59
IOCs
Threat Brief: Widespread Impact of the Axios Supply Chain Attack
javascript trojandprk attributionsupply chain attackaxios librarycross-platform rat
2026-04-01
45
IOCs
North Korea's Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads
developer toolingstaged loaderpypi npmratcryptocurrency wallet
2026-04-08 ⚑ Contagious Interview
4
IOCs
Leveling Up with NightSpire Ransomware
persistence mechanismsremote desktopdata exfiltrationnightspireransomware-as-a-service
2026-04-08 ⚑ NightSpire
2
IOCs
An Investigation Into Years of Undetected Operations Targeting High-Value Sectors
superdumpxnoteantswordscanportplusgodzilla
2026-03-06 ⚑ CL-UNK-1068
44
IOCs
MuddyWater Exposed: Inside an Iranian APT operation
cve-2025-52691vulnerability exploitationcve-2022-42475arenac2mois
2026-03-05 ⚑ MuddyWater
19
IOCs
Iranian APT Infrastructure in Focus: Mapping State-Aligned Clusters During Geopolitical Escalation
proactive defensegeopolitical tensionstls fingerprintingtonnerreinfrastructure analysis
2026-03-04 ⚑ MuddyWater
15
IOCs
Stranger Strings: Yurei Ransomware Operator Toolkit Exposed
Yurei RansomwareNetExecNetScanInfostealersAnyDesk
2026-04-01
6
IOCs
Inside the Axios supply chain compromise - one RAT to rule them all
Supply Chain Attacknpm Package CompromiseJavaScriptaxios
2026-04-01
8
IOCs
From Inbox to Intrusion: Multi‑Stage Remcos RAT and C2‑Delivered Payloads in Network
js dropperremote access trojanremcosphishingrat
2026-04-01
12
IOCs
A laughing RAT: CrystalX combines spyware; stealer; and prankware features
malware-as-a-servicecrystalxratmaas
2026-04-01
9
IOCs