
RedCore RAT

Posted: June 4, 2020

RedCore RAT is a piece of malware used by the Cycldek APT group. These Chinese hackers focus on infecting high-value networks in Laos, Thailand, Vietnam and other countries in Southeastern Asia. Their tools include a wide variety of threats, including the BlueCore, NewCore and RedCore RATs. All of these share similar functionality, but BlueCore and RedCore have been identified as successors of the original NewCore RAT.

While the BlueCore RAT has been stripped of some of its features, the same cannot be said about the RedCore RAT – this threat packs a wide range of features that turn it into an exceptionally threatening implant. Once initialized, it can:

  • Execute remote commands.
  • Modify the file system.
  • Download and launch new files.
  • Use a keylogger module to log keystrokes for specific windows.
  • List connected hard drives and other storage devices.
  • Monitor Remote Desktop Protocol (RDP) connections and report to the control server when a connection is active.
  • Turn the compromised host into a proxy server.

The RedCore RAT often hides its payload by masquerading as a legitimate application: a component from an anti-virus vendor, or a Microsoft or Google utility.
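A defender's counterpart to that masquerading is a check that a process claiming to belong to a well-known publisher actually runs from that publisher's install directory and carries that publisher's signature. The script below is an added example, not code from the original page or from any Cycldek tooling; the process records, the vendor names and the expected install directories are constructed sample data and assumptions for illustration, not an authoritative list.

```python
"""Flag processes whose claimed publisher does not match where they run from
or who signed them. Added example with constructed data, not a known RedCore
signature."""
from dataclasses import dataclass
from typing import Dict, List

# Assumed directories each publisher's binaries normally execute from.
# Paths are compared lowercase with forward slashes; the list is illustrative.
EXPECTED_DIRS: Dict[str, List[str]] = {
    "Microsoft": ["c:/windows/system32/", "c:/windows/syswow64/",
                  "c:/program files/microsoft"],
    "Google": ["c:/program files/google/", "c:/program files (x86)/google/"],
    "AV Vendor": ["c:/program files/av vendor/"],   # placeholder vendor name
}


@dataclass
class Proc:
    pid: int
    image: str     # full path of the running executable
    signer: str    # publisher from the Authenticode signature, "" if unsigned
    claimed: str   # publisher the binary's version info (CompanyName) claims


def suspicious(p: Proc) -> List[str]:
    """Return the reasons a process looks like a masquerade (empty if clean)."""
    reasons: List[str] = []
    dirs = EXPECTED_DIRS.get(p.claimed)
    if dirs is None:
        return reasons            # not claiming a publisher we know about
    path = p.image.lower().replace("\\", "/")
    if not any(path.startswith(d) for d in dirs):
        reasons.append("unexpected path")
    if p.signer != p.claimed:
        reasons.append("signer mismatch" if p.signer else "unsigned")
    return reasons


def scan(procs: List[Proc]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every process that trips at least one check."""
    return {p.pid: suspicious(p) for p in procs if suspicious(p)}


# Constructed sample process list (not real telemetry).
SAMPLE: List[Proc] = [
    Proc(1200, r"C:\Windows\System32\svchost.exe", "Microsoft", "Microsoft"),
    Proc(2210, r"C:\Users\Public\Libraries\GoogleUpdate.exe", "", "Google"),
    Proc(3300, r"C:\Program Files\Google\Update\GoogleUpdate.exe", "Google", "Google"),
    Proc(4400, r"C:\Program Files\AV Vendor\avshell.exe", "Unknown Ltd", "AV Vendor"),
    Proc(5500, r"C:\Users\Public\notes.exe", "", ""),
]

if __name__ == "__main__":
    for pid, why in scan(SAMPLE).items():
        print(pid, ", ".join(why))
```

The point of checking both conditions is that a copied binary name or forged version string is cheap, while a valid signature from the impersonated publisher is not; an unsigned "GoogleUpdate.exe" running out of a user-writable directory is exactly the shape of the disguise described above.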

While the BlueCore RAT was spread via weaponized RTF documents, there is little data on how the RedCore RAT is distributed. However, given that Cycldek targets government systems, it is reasonable to assume that the RedCore RAT is also delivered through spear-phishing emails.
