Remote Access Trojan
ObliqueRAT
First seen: 2020-01 • Status: active
Currently Active Threat
ObliqueRAT hides its commands inside images. It is used by Pakistani hackers to target South Asian governments.
Overview
ObliqueRAT is associated with APT36 and targets South Asian governments. It uses steganography for C2 communication.
How It Spreads
- Malicious documents
- Steganography
What It Does
- Espionage
- File theft
- Steganographic C2
Target Platforms
Windows
Detection Tips
- Monitor for image-based C2
MITRE ATT&CK Techniques
T1027, T1005
If You're Infected
1. Nation-state incident response