├── .github
    └── workflows
    │   ├── mlc_config.json
    │   └── md_link_check.yml
├── CITATION.cff
└── README.md


/.github/workflows/mlc_config.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "ignorePatterns": [
 3 | 		{
 4 | 			"pattern": "^https:\/\/github.com\/stratosphereips\/attackers_profiling\/actions\/workflows\/md_link_check.yml\/badge.svg"
 5 | 		},
 6 | 	],
 7 |     "aliveStatusCodes": [
 8 |         200,
 9 |         302
10 |     ]
11 | }
12 | 


--------------------------------------------------------------------------------
/CITATION.cff:
--------------------------------------------------------------------------------
 1 | 
 2 |    
 3 | cff-version: 1.2.0
 4 | title: >-
 5 |   A Study of Remote Access Trojans
 6 | message: 'If you use this software, please cite it as below.'
 7 | type: software
 8 | authors:
 9 |   - given-names: Veronica
10 |     family-names: Valeros
11 |     email: valerver@fel.cvut.cz
12 |     affiliation: >-
13 |       Stratosphere Laboratory, AIC, FEL, Czech
14 |       Technical University in Prague
15 |     orcid: 'https://orcid.org/0000-0003-2554-3231'
16 | 


--------------------------------------------------------------------------------
/.github/workflows/md_link_check.yml:
--------------------------------------------------------------------------------
 1 | name: Check Markdown links
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [ main ]
 6 |   pull_request:
 7 |     branches: [ main ]
 8 | 
 9 | jobs:
10 |   markdown-link-check:
11 |     runs-on: ubuntu-latest
12 |     steps:
13 |     - uses: actions/checkout@master
14 |     - uses: gaurav-nelson/github-action-markdown-link-check@v1
15 |       with:
16 |         base-branch: 'main'
17 |         config-file: '.github/workflows/mlc_config.json'
18 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # A Study of Remote Access Trojans
  2 | [![CI](https://github.com/stratosphereips/a-study-of-remote-access-trojans/actions/workflows/md_link_check.yml/badge.svg)](https://github.com/stratosphereips/a-study-of-remote-access-trojans/actions/workflows/md_link_check.yml)
  3 | 
  4 | This repository contains a curated list of papers, articles and other sources related to remote access trojans. Entries are sorted alphabetically. For corrections, suggestions, or missing papers, please either open an issue or submit a pull request. 
  5 | 
  6 | Coverage of this Study of RATs:
  7 | 
  8 | - [Nov 9, 2020 - What is a RAT? How remote access Trojans became a major threat | CSO Online](https://www.csoonline.com/article/3588156/from-pranks-to-apts-how-remote-access-trojans-became-a-major-security-threat.html) (accessed Oct. 01, 2022).
  9 | 
 10 | 
 11 | # Remote Access Trojans
 12 | 
 13 | ## A4zeta
 14 | 
 15 | ![First Seen](https://img.shields.io/badge/Year-2002-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Server Source Code](https://img.shields.io/badge/Server-delphi-yellow)
 16 | 
 17 | - [Megasecurity: A4zeta all](http://www.megasecurity.org/trojans/a/a4zeta/A4zeta_all.html) [[Web Archive](https://web.archive.org/web/20021113014408/http://www.megasecurity.org/trojans/a/a4zeta/A4zeta_all.html)]
 18 | - [Megasecurity: A4zeta beta1](http://www.megasecurity.org/trojans/a/a4zeta/A4zeta_b1.html) [[Web Archive](https://web.archive.org/web/20021105231644/http://www.megasecurity.org/trojans/a/a4zeta/A4zeta_b1.html)]
 19 | - [Megasecurity: A4zeta beta2](http://www.megasecurity.org/trojans/a/a4zeta/A4zeta_b2.html) [[Web Archive](https://web.archive.org/web/20021105232028/http://www.megasecurity.org/trojans/a/a4zeta/A4zeta_b2.html)]
 20 | 
 21 | ## Android Tester RAT
 22 | ![First Seen](https://img.shields.io/badge/Year-2020-blue) ![Targets](https://img.shields.io/badge/Targets-Android-orange)
 23 | 
 24 | - [ANDROID TESTER V6.4.6 (RAT) Cracked + Source - BlackHatRussia](https://www.blackhatrussia.com/1424-android-tester-v646-rat-cracked-source.html) [[Web Archive](https://web.archive.org/web/20210705135241/https://www.blackhatrussia.com/1424-android-tester-v646-rat-cracked-source.html)]
 25 | - [Dissecting a RAT. Android Tester Trojan Analysis and Decoding. - Stratosphere Laboratory](https://www.stratosphereips.org/blog/2020/12/14/ngwqj0h060yv40w1afp51fg7wo9ijy-pzlhk) [[Web Archive](https://web.archive.org/web/20201218181400/https://www.stratosphereips.org/blog/2020/12/14/ngwqj0h060yv40w1afp51fg7wo9ijy-pzlhk)]
 26 | 
 27 | ## Async RAT
 28 | ![First Seen](https://img.shields.io/badge/Year-2018-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
 29 | 
 30 | - [AsyncRAT - GitHub](https://github.com/NYAN-x-CAT/AsyncRAT) [[Web Archive](https://web.archive.org/web/20210227184617/https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/)]
 31 | - [AsyncRAT - GitHub](https://github.com/NYAN-x-CAT-is-My-Brother/AsyncRAT-C-Sharp) [[Web Archive](https://web.archive.org/web/20201022072049/https://github.com/NYAN-x-CAT-is-My-Brother/AsyncRAT-C-Sharp)]
 32 | - [AsyncRAT - TCP Asynchronous Socket - Remote Administration Tool - Raid Forums](https://raidforums.com/Thread-AsyncRAT-TCP-Asynchronous-Socket-Remote-Administration-Tool) [[Web Archive](https://web.archive.org/web/20210705145425/https://raidforums.com/Thread-AsyncRAT-TCP-Asynchronous-Socket-Remote-Administration-Tool)]
 33 | 
 34 | ## Atelier Web Remote Commander
 35 | 
 36 | ![First Seen](https://img.shields.io/badge/Year-2001-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Alias](https://img.shields.io/badge/Alias-AWRC-503040) 
 37 | 
 38 | - [Atelier Web Homepage](http://www.atelierweb.com/products/awrc/) [[Web Archive](https://web.archive.org/web/20200923141614/http://www.atelierweb.com/products/awrc/)]
 39 | - [2016 Hack Windows Server in Network using Atelier Web Remote Command](https://www.hackingarticles.in/hack-windows-server-network-using-atelier-web-remote-command/) [[Web Archive](https://web.archive.org/web/20201001223201/https://www.hackingarticles.in/hack-windows-server-network-using-atelier-web-remote-command/)]
 40 | 
 41 | ## Back Orifice
 42 | 
 43 | ![First Seen](https://img.shields.io/badge/Year-1998-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Targets](https://img.shields.io/badge/Targets-Unix-orange) ![Alias](https://img.shields.io/badge/Alias-BO2K-503040) ![Alias](https://img.shields.io/badge/Alias-Body%20Odour-503040) 
 44 | 
 45 | * [1998 Hacker Group Says Program Can Exploit Microsoft Security Hole](https://archive.nytimes.com/www.nytimes.com/library/tech/98/08/cyber/articles/04hacker.html)
 46 | * [Wikipedia: Back Orifice](https://en.wikipedia.org/wiki/Back_Orifice) [[Web Archive](https://web.archive.org/web/20200429081647/https://en.wikipedia.org/wiki/Back_Orifice)] 
 47 | * [Back Orifice XP](https://sourceforge.net/projects/boxp/) [[Web Archive](https://web.archive.org/web/20160731115412/https://sourceforge.net/projects/boxp/)] 
 48 | * [Threat Description: BO2K](https://www.f-secure.com/v-descs/bo2k.shtml) [[Web Archive](https://web.archive.org/web/20191227143749/https://www.f-secure.com/v-descs/bo2k.shtml)] 
 49 | * [Back Orifice Windows Remote Administration Tool](http://www.cultdeadcow.com/tools/bo.html) [[Web Archive](https://web.archive.org/web/20060331074652/http://www.cultdeadcow.com/tools/bo.html)]
 50 | * [MISP RAT Cluster](https://github.com/MISP/misp-galaxy/blob/master/clusters/rat.json) [[Web Archive](https://web.archive.org/web/20200518134647/https://github.com/MISP/misp-galaxy/blob/master/clusters/rat.json)] 
 51 | * [Tracking the Back Orifice Trojan On a University Network](https://pen-testing.sans.org/resources/papers/gcih/tracking-orifice-trojan-university-network-101743) [[Web Archive](https://web.archive.org/web/20190608080456/https://pen-testing.sans.org/resources/papers/gcih/tracking-orifice-trojan-university-network-101743)]
 52 | * [Symantec: Back Orifice](http://www.symantec.com/avcenter/warn/backorifice.html) [[Web Archive](https://web.archive.org/web/20190608080457/http://www.symantec.com/avcenter/warn/backorifice.html)] 
 53 | 
 54 | ## BbsRAT
 55 | 
 56 | ![First Seen](https://img.shields.io/badge/Year-2014-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
 57 | 
 58 | - [Mitre: BBSRAT](https://attack.mitre.org/wiki/Software/S0127) [[Web Archive](https://web.archive.org/web/20200422204307/https://attack.mitre.org/software/S0127/)]
 59 | - [2015 BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger](http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/) [[Web Archive](https://web.archive.org/web/20200814205356/https://unit42.paloaltonetworks.com/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/)]
 60 | - [2020 How to perform long term monitoring of careless threat actors](https://www.sstic.org/media/SSTIC2020/SSTIC-actes/pivoter_tel_bernard_ou_comment_monitorer_des_attaq/SSTIC2020-Slides-pivoter_tel_bernard_ou_comment_monitorer_des_attaquants_ngligents-lunghi.pdf) [[Web Archive](https://web.archive.org/web/20200609032838/https://www.sstic.org/media/SSTIC2020/SSTIC-actes/pivoter_tel_bernard_ou_comment_monitorer_des_attaq/SSTIC2020-Slides-pivoter_tel_bernard_ou_comment_monitorer_des_attaquants_ngligents-lunghi.pdf)]
 61 | - [2020 Shadows in the Rain](https://medium.com/insomniacs/shadows-in-the-rain-a16efaf21aae) [[Web Archive](https://web.archive.org/web/20201209183319/https://medium.com/insomniacs/shadows-in-the-rain-a16efaf21aae)]
 62 | 
 63 | 
 64 | ## Bifrost
 65 | 
 66 | ![First Seen](https://img.shields.io/badge/Year-2004-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Alias](https://img.shields.io/badge/Alias-Bifrose-503040) 
 67 | 
 68 | * [Study on the Undetectable Server Bifrost 1.2d for the AV](https://www.planetcreator.net/study-on-the-undetectable-server-bifrost-1-2d-for-the-av/) [[Web Archive](https://web.archive.org/web/20200518182936/https://www.planetcreator.net/study-on-the-undetectable-server-bifrost-1-2d-for-the-av/)] 
 69 | * [Malware Info: Bifrost Trojan](http://malware-info.blogspot.lu/2008/10/bifrost-trojan.html) [[Web Archive](https://web.archive.org/web/20100719210545/http://malware-info.blogspot.com/2008/10/bifrost-trojan.html)] 
 70 | * [Wikipedia: Bifrost](https://en.wikipedia.org/wiki/Bifrost_(Trojan_horse)) [[Web Archive](https://web.archive.org/web/20190323091003/http://en.wikipedia.org/wiki/Bifrost_(Trojan_horse))] 
 71 | * [BIFROSE Now More Evasive Through Tor, Used for Targeted Attack](https://blog.trendmicro.com/trendlabs-security-intelligence/bifrose-now-more-evasive-through-tor-used-for-targeted-attack/) [[Web Archive](https://web.archive.org/web/20190807233120/https://blog.trendmicro.com/trendlabs-security-intelligence/bifrose-now-more-evasive-through-tor-used-for-targeted-attack/)] 
 72 | * [The Malicious Intent of the “Here You Have” Mail Worm, Part 2](http://blog.trendmicro.com/trendlabs-security-intelligence/the-malicious-intent-of-the-here-you-have-mail-worm-part-2/) [[Web Archive](https://web.archive.org/web/20160611083959/http://blog.trendmicro.com/trendlabs-security-intelligence/the-malicious-intent-of-the-here-you-have-mail-worm-part-2/)] 
 73 | 
 74 | ## Casper
 75 | 
 76 | ![First Seen](https://img.shields.io/badge/Year-2006-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-Visual%20Basic-yellow) ![Server Source Code](https://img.shields.io/badge/Server-Visual%20Basic-yellow)
 77 | 
 78 | - [Megasecurity: Casper RAT Demo](http://www.megasecurity.org/trojans/c/casper/Casperrat.html) [[Web Archive](https://web.archive.org/web/20111019084501/http://www.megasecurity.org/trojans/c/casper/Casperrat.html)]
 79 | 
 80 | ## CasuS
 81 | 
 82 | ![First Seen](https://img.shields.io/badge/Year-1998-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) 
 83 | 
 84 | - [Megasecurity: Casus 2.0](http://www.megasecurity.org/trojans/c/casus/Casus2.0.html) [[Web Archive](https://web.archive.org/web/20020812134444/http://www.megasecurity.org/trojans/c/casus/Casus2.0.html)]
 85 | - [Megasecurity: Casus 2.3](http://www.megasecurity.org/trojans/c/casus/Casus2.3.html) [[Web Archive](https://web.archive.org/web/20020812134159/http://www.megasecurity.org/trojans/c/casus/Casus2.3.html)]
 86 | 
 87 | ## ComRAT
 88 | 
 89 | ![First Seen](https://img.shields.io/badge/Year-2007-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Alias](https://img.shields.io/badge/Alias-Agent.BTZ-503040) ![Alias](https://img.shields.io/badge/Alias-Chinch-503040)
 90 | 
 91 | - [2014 The Uroburos case: new sophisticated RAT identified](https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified) [[Web Archive](https://web.archive.org/web/20201119194252/https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified)]
 92 | - [2015 Tools used by the Uroburos actors](https://docplayer.net/101655589-Tools-used-by-the-uroburos-actors.html) [[Web Archive](https://web.archive.org/web/20201209182204/https://docplayer.net/101655589-Tools-used-by-the-uroburos-actors.html)]
 93 | - [2020 From Agent.BTZ to ComRAT v4: A ten‑year journey](https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/) [[Web Archive](https://web.archive.org/web/20200526112123/https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/)] 
 94 | 
 95 | ## Coringa RAT (njRAT variant)
 96 | ![First Seen](https://img.shields.io/badge/Year-2016-blue) 
 97 | 
 98 | - [Coringa-RAT v0.3](http://oficialtrajan.blogspot.com/2017/02/coringa-rat-v03.html) [[Web Archive](http://web.archive.org/web/20181014103934/http://oficialtrajan.blogspot.com/2017/02/coringa-rat-v03.html)]
 99 | - [Coringa-RAT 0.3 Espanol RAT - HackForums](https://hackforums.net/showthread.php?tid=5416733&highlight=RAT) [[Web Archive](http://web.archive.org/web/20210705130131/https://hackforums.net/showthread.php?tid=5416733&highlight=RAT)]
100 | 
101 | ## CyberGate RAT
102 | 
103 | ![First Seen](https://img.shields.io/badge/Year-2011-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-delphi-yellow) ![Server Source Code](https://img.shields.io/badge/Server-C++-yellow)
104 | 
105 | - [2011 CyberGate RAT - Hacking Facebook, Twitter and Email Id's Passwords](http://www.hackersthirst.com/2011/03/cybergate-rat-hacking-facebook-twitter.html) [[Web Archive](https://web.archive.org/web/20110404045714/http://www.hackersthirst.com/2011/03/cybergate-rat-hacking-facebook-twitter.html)]
106 | - [2011 RAT Tutorial For Beginners (best version ever)](http://mrwecheat-hacker.blogspot.com/2011/12/rat-tutorial-for-dummies-best-version.html) [[Web Archive](https://web.archive.org/web/20131127165255/http://mrwecheat-hacker.blogspot.com/2011/12/rat-tutorial-for-dummies-best-version.html)]
107 | - [2013 CyberGate RAT COMPLETE TUTORIAL](https://atjeh-vb6.blogspot.com/2013/05/cybergate-rat-complete-tutorial.html) [[Web Archive](https://web.archive.org/web/20201008135258/https://atjeh-vb6.blogspot.com/2013/05/cybergate-rat-complete-tutorial.html)]
108 | - [2014 CyberGate: En febrero nuestra aerolínea te obsequia...](http://oberheimdmx.blogspot.nl/2014/01/cybergate-en-febrero-nuestra-obsequia.html) [[Web Archive](https://web.archive.org/web/20201008135727/http://oberheimdmx.blogspot.com/2014/01/cybergate-en-febrero-nuestra-obsequia.html)] 
109 | 
110 | ## DarkNet RAT
111 | 
112 | ![First Seen](https://img.shields.io/badge/Year-2007-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-Visual%20Basic-yellow) ![Server Source Code](https://img.shields.io/badge/Server-Assembler-yellow)
113 | 
114 | - [Megasecurity: DarkNet](http://www.megasecurity.org/trojans/d/darknet/Darknet.html) [[Web Archive](https://web.archive.org/web/20080906173348/http://www.megasecurity.org/trojans/d/darknet/Darknet.html)] 
115 | 
116 | ## D.I.R.T. (Data Interception by Remote Transmission)
117 | 
118 | ![First Seen](https://img.shields.io/badge/Year-1997-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Server Source Code](https://img.shields.io/badge/Server-Visual%20C++-yellow) ![Type](https://img.shields.io/badge/Type-Commercial-violet)
119 | 
120 | - [Codex Data Systems: D.I.R.T](http://www.codexdatasystems.com/) [[Web Archive](https://web.archive.org/web/19981205012253/http://www.codexdatasystems.com/)]
121 | - [Megasecurity: DIRT Manual](http://www.megasecurity.org/Trojaninfo/DIRTManual2_2clr.pdf) [[Web Archive](https://web.archive.org/web/20110702211953/http://www.megasecurity.org/Trojaninfo/DIRTManual2_2clr.pdf)]
122 | - [The Dangers of Dissent: The FBI and Civil Liberties since 1965](https://books.google.cz/books?id=ErCHQ4so9VEC&pg=PA167&lpg=PA167&dq=D.I.R.T.+remote+access+trojan&source=bl&ots=ibnOYzlj05&sig=ACfU3U1vb16_Lyq7aav4atp4r-U7Cz6rOQ&hl=en&sa=X&ved=2ahUKEwj_kpmFrb_oAhXhwAIHHVMfCSYQ6AEwHXoECDoQMg#v=onepage&q=D.I.R.T.%20remote%20access%20trojan&f=false) [[Web Archive](https://web.archive.org/web/20201220124432if_/https://books.google.cz/books?id=ErCHQ4so9VEC&pg=PA167&lpg=PA167&dq=D.I.R.T.+remote+access+trojan&source=bl&ots=ibnOYzlj05&sig=ACfU3U1vb16_Lyq7aav4atp4r-U7Cz6rOQ&hl=en&sa=X&ved=2ahUKEwj_kpmFrb_oAhXhwAIHHVMfCSYQ6AEwHXoECDoQMg%23v%3Donepage&q=D.I.R.T.+remote+access+trojan&f=false#v=snippet&q=D.I.R.T.%20remote%20access%20trojan&f=false)]
123 | - [1998 It's getting easier to dig up DIRT](https://www.pcworld.idg.com.au/article/18226/it_getting_easier_dig_up_dirt/) [[Web Archive](https://web.archive.org/web/20201220122802/https://www.pcworld.idg.com.au/article/18226/it_getting_easier_dig_up_dirt/)]
124 | - [1998 TheCodex's D.I.R.T. surveillance software](https://cypherpunks.venona.com/date/1998/06/msg00179.html) [[Web Archive](https://web.archive.org/web/20201220122935/https://cypherpunks.venona.com/date/1998/06/msg00179.html)]
125 | - [1998 Network World Magazine](https://books.google.cz/books?id=GxwEAAAAMBAJ&pg=PA37&lpg=PA37&dq=D.I.R.T.+remote+access+trojan&source=bl&ots=V3IlKmPk76&sig=ACfU3U3eN-KBF8bRLEH60wju9tTM080zyw&hl=en&sa=X&ved=2ahUKEwj_kpmFrb_oAhXhwAIHHVMfCSYQ6AEwC3oECDoQKA#v=onepage&q=D.I.R.T.%20remote%20access%20trojan&f=false) [[Web Archive](https://web.archive.org/web/20201220123332if_/https://books.google.cz/books?id=GxwEAAAAMBAJ&pg=PA37&lpg=PA37&dq=D.I.R.T.+remote+access+trojan&source=bl&ots=V3IlKmPk76&sig=ACfU3U3eN-KBF8bRLEH60wju9tTM080zyw&hl=en&sa=X&ved=2ahUKEwj_kpmFrb_oAhXhwAIHHVMfCSYQ6AEwC3oECDoQKA%23v%3Donepage&q=D.I.R.T.+remote+access+trojan&f=false#v=snippet&q=D.I.R.T.%20remote%20access%20trojan&f=false)]
126 | - [2001 Trojan vendor dishes the Dirt](http://www.vnunet.com/News/1122902) [[Web Archive](https://web.archive.org/web/20020605223516/http://www.vnunet.com/News/1122902)]
127 | - [2001 Reg duped by crime-busting D.I.R.T Trojan](https://www.theregister.co.uk/2001/06/06/reg_duped_by_crimebusting_d/) [[Web Archive](https://web.archive.org/web/20200214213232if_/https://www.theregister.co.uk/2001/06/06/reg_duped_by_crimebusting_d/)]
128 | - [2001 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK UNITED STATES OF AMERICA v. FRANK JONES](https://cryptome.org/dirty-jones.html) [[Web Archive](https://web.archive.org/web/20191227011918/http://cryptome.org/dirty-jones.htm)]
129 | - [2001 THE DIRT ON BIG BROTHER HE CAN USE YOUR NET SERVICE TO SPY ON YOU](https://cryptome.org/DIRT-bags.htm) [[Web Archive](https://web.archive.org/web/20020809221235/http://cryptome.org/DIRT-bags.htm)]
130 | - [2002 Law-enforcement DIRT Trojan released](https://www.theregister.co.uk/2002/03/14/lawenforcement_dirt_trojan_released/) [[Web Archive](https://web.archive.org/web/20040410130628/http://www.theregister.co.uk/2002/03/14/lawenforcement_dirt_trojan_released/)]
131 | - [2002 D.I.R.T. Spyware Exposed on Web](http://www.securityfocus.com/news/354) [[Web Archive](https://web.archive.org/web/20200301225728/https://www.securityfocus.com/news/354)]
132 | - [2002 DIRT Guide](http://cryptome.org/dirt-guide.htm) [[Web Archive](https://web.archive.org/web/20191227104050/http://cryptome.org/dirt-guide.htm)]
133 | - [2002 Cryptome dishes the Dirt](http://www.vnunet.com/News/1130192) [[Web Archive](https://web.archive.org/web/20020604015129/http://www.vnunet.com/News/1130192)]
134 | - [2014 D.I.R.T](http://justinakapaste.com/dirt/) [[Web Archive](https://web.archive.org/web/20200329095513/http://justinakapaste.com/dirt/)]
135 | 
136 | ## DroidJack RAT
137 | ![First Seen](https://img.shields.io/badge/Year-2014-blue) ![Targets](https://img.shields.io/badge/Targets-Android-orange)
138 | 
139 | - [Using DroidJack spyware to snoop on your spouse could get you arrested - Sophis](https://nakedsecurity.sophos.com/2015/10/31/using-droidjack-spyware-to-snoop-on-your-spouse-could-get-you-arrested/) [[Web Archive](https://web.archive.org/web/20201224003924/https://nakedsecurity.sophos.com/2015/10/31/using-droidjack-spyware-to-snoop-on-your-spouse-could-get-you-arrested/)]
140 | - [Iranian Hackers’ Rising Interest in Targeting Android Systems With DroidJack, AndroRAT - RecordedFuture](https://www.recordedfuture.com/iranian-forums-targeting-android/) [[Web Archive](https://web.archive.org/web/20210116175545/https://www.recordedfuture.com/iranian-forums-targeting-android/)]
141 | - [DroidJack RAT hits hacker forums, comes from legitimate app developers - SCMagazine](https://www.scmagazine.com/droidjack-rat-posted-for-sale-online/article/539362/) [[Web Archive](https://web.archive.org/web/20190808143206/https://www.scmagazine.com/home/security-news/droidjack-rat-hits-hacker-forums-comes-from-legitimate-app-developers/)]
142 | - [DroidJack RAT: A tale of how budding entrepreneurism can turn to cybercrime - Broadcom Symantec](https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=10119736-5e52-4126-a3a3-31ab62ac7fa9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments) [[Web Archive](https://web.archive.org/web/20210510225628/https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=10119736-5e52-4126-a3a3-31ab62ac7fa9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments)]
143 | - [Police in US, Europe raid homes of supersnoop Droidjack RAT suspects - The Register](https://www.theregister.co.uk/2015/10/30/droidjack_raids/) [[Web Archive](https://web.archive.org/web/20201108175022/https://www.theregister.com/2015/10/30/droidjack_raids/)]
144 | - [Using DroidJack to spy on an Android? Expect a visit from the police - Eset](https://www.welivesecurity.com/2015/10/30/using-droidjack-spy-android-expect-visit-police/) [[Web Archive](https://web.archive.org/web/20201207060821/https://www.welivesecurity.com/2015/10/30/using-droidjack-spy-android-expect-visit-police/)]
145 | 
146 | ## Girlfriend
147 | 
148 | ![First Seen](https://img.shields.io/badge/Year-1998-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
149 | 
150 | - [Megasecurity: GirlFriend](http://www.megasecurity.org/trojans/g/girlfriend/GirlFriend1.3.html) [[Web Archive](https://web.archive.org/web/20081202092929/http://www.megasecurity.org/trojans/g/girlfriend/GirlFriend1.3.html)]
151 | 
152 | ## Grifin
153 | 
154 | ![First Seen](https://img.shields.io/badge/Year-1998-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
155 | 
156 | - [Megasecurity: Grifin](http://www.megasecurity.org/trojans/g/grifin/Grifin.html) [[Web Archive](https://web.archive.org/web/20081202074225/http://www.megasecurity.org/trojans/g/grifin/Grifin.html)]
157 | 
158 | 
159 | ## Hawk
160 | 
161 | ![First Seen](https://img.shields.io/badge/Year-2003-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
162 | 
163 | - [Megasecurity: Hawk 1.1](http://www.megasecurity.org/trojans/h/hawk/Hawk1.1.html) [[Web Archive](https://web.archive.org/web/20081203112724/http://www.megasecurity.org/trojans/h/hawk/Hawk1.1.html)] 
164 | - [Megasecurity: Hawk all versions](http://www.megasecurity.org/trojans/h/hawk/Hawk_all.html) [[Web Archive](https://web.archive.org/web/20081203133452/http://www.megasecurity.org/trojans/h/hawk/Hawk_all.html)] 
165 | 
166 | ## HawkEye
167 | 
168 | ![First Seen](https://img.shields.io/badge/Year-2014-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Alias](https://img.shields.io/badge/Alias-Hawkeye%20Reborn%20v9-503040) ![Alias](https://img.shields.io/badge/Alias-iSpy-503040) 
169 | 
170 | - [2016 iSpy Keylogger](https://www.zscaler.com/blogs/security-research/ispy-keylogger) [[Web Archive](https://web.archive.org/web/20201209125904/https://www.zscaler.com/blogs/security-research/ispy-keylogger)]
171 | - [2018 LastLine: The Latest 100 Threats Seen in Finance](https://go.lastline.com/rs/373-AVL-445/images/MalscapeSnapshot_Finance.pdf) [[Web Archive](https://web.archive.org/web/20201209125725/https://go.lastline.com/rs/373-AVL-445/images/MalscapeSnapshot_Finance.pdf)]
172 | - [2019 HAWKEYE Remote Access Trojan](https://digital.nhs.uk/cyber-alerts/2019/cc-2958) [[Web Archive](https://web.archive.org/web/20201209125225/https://digital.nhs.uk/cyber-alerts/2019/cc-2958)]
173 | 
174 | ## hsidir
175 | 
176 | ![First Seen](https://img.shields.io/badge/Year-2006-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
177 | 
178 | - [2015 Nulled: Win32.HsIdir [ RAT ]](https://www.nulled.to/topic/129749-win32hsidir-rat/) [[Web Archive](https://web.archive.org/web/20200518123727/https://www.nulled.to/topic/129749-win32hsidir-rat/)] 
179 | 
180 | ## IKlogger
181 | 
182 | ![First Seen](https://img.shields.io/badge/Year-2005-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-delphi-yellow) ![Server Source Code](https://img.shields.io/badge/Server-delphi-yellow)
183 | 
184 | - [2005 elhacker: IKlogger 0.1, Keylogger hecho por Sr Sombrero y Thor](https://foro.elhacker.net/analisis_y_diseno_de_malware/iklogger_01_keylogger_hecho_por_sr_sombrero_y_thor-t139441.0.html) [[Web Archive](https://web.archive.org/web/20191006093844/https://foro.elhacker.net/analisis_y_diseno_de_malware/iklogger_01_keylogger_hecho_por_sr_sombrero_y_thor-t139441.0.html)]
185 | 
186 | ## JadeRAT
187 | 
188 | ![First Seen](https://img.shields.io/badge/Year-2015-blue) ![Targets](https://img.shields.io/badge/Targets-Android-orange)
189 | 
190 | - [2017 JadeRAT mobile surveillanceware spikes in espionage activity](https://blog.lookout.com/mobile-threat-jaderat) [[Web Archive](https://web.archive.org/web/20171030060416/https://blog.lookout.com/mobile-threat-jaderat)] 
191 | - [2017 Lookout Mobile Threat Report](https://info.lookout.com/rs/051-ESQ-475/images/Lookout-MTR-Q3-2017-11212017-US.pdf) [[Web Archive](https://web.archive.org/web/20201209124146/https://info.lookout.com/rs/051-ESQ-475/images/Lookout-MTR-Q3-2017-11212017-US.pdf)]
192 | - [2017 Hackers linked to Chinese government used mobile malware to spy on ethnic minority](https://www.cyberscoop.com/lookout-china-scarlet-mimic-jaderat/) [[Web Archive](https://web.archive.org/web/20201016024313/https://www.cyberscoop.com/lookout-china-scarlet-mimic-jaderat/)] 
193 | 
194 | ## JhoneRAT
195 | 
196 | ![First Seen](https://img.shields.io/badge/Year-2019-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
197 | 
198 | - [2020 JhoneRAT: Cloud based python RAT targeting Middle Eastern countries](https://blog.talosintelligence.com/2020/01/jhonerat.html) [[Web Archive](https://web.archive.org/web/20200411085247/https://blog.talosintelligence.com/2020/01/jhonerat.html)]
199 | - [2020 JhoneRat – a snake in the network](https://www.cyjax.com/2020/01/21/jhonerat-a-multi-stage-targeted-malware-infection/) [[Web Archive](https://web.archive.org/web/20200922080847/https://www.cyjax.com/2020/01/21/jhonerat-a-multi-stage-targeted-malware-infection/)]
200 | 
201 | ## KevDroid RAT
202 | ![First Seen](https://img.shields.io/badge/Year-2018-blue) ![Targets](https://img.shields.io/badge/Targets-Android-orange)
203 | 
204 | - [Fake AV Investigation Unearths KevDroid, New Android Malware - Cisco Talos](http://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html) [[Web Archive](https://web.archive.org/web/20210224211712/https://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html)]
205 | - [KevDroid - NJCCIC Threat Profile](https://www.cyber.nj.gov/threat-profiles/android-malware-variants/kevdroid) [[Web Archive](https://web.archive.org/web/20210705150438/https://www.cyber.nj.gov/threat-profiles/android-malware-variants/kevdroid)]
206 | 
207 | ## LokiTech
208 | 
209 | ![First Seen](https://img.shields.io/badge/Year-2003-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-Visual%20Basic-yellow) ![Server Source Code](https://img.shields.io/badge/Server-Visual%20Basic-yellow)
210 | 
211 | - [Megasecurity: Lokitech 1.0](http://www.megasecurity.org/trojans/l/lokitech/Lokitech1.0.html) [[Web Archive](https://web.archive.org/web/20081122115641/http://www.megasecurity.org/trojans/l/lokitech/Lokitech1.0.html)]
212 | 
213 | ## MadRAT
214 | 
215 | ![First Seen](https://img.shields.io/badge/Year-2003-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-Visual%20Basic-yellow) ![Server Source Code](https://img.shields.io/badge/Server-Visual%20Basic-yellow)
216 | 
217 | - [Megasecurity: Madrat1.0](http://www.megasecurity.org/trojans/m/madrat/Madrat1.0.html) [[Web Archive](https://web.archive.org/web/20110702222157/http://www.megasecurity.org/trojans/m/madrat/Madrat1.0.html)]
218 | 
219 | ## MofoTro
220 | 
221 | ![First Seen](https://img.shields.io/badge/Year-2006-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-Visual%20Basic-yellow) ![Server Source Code](https://img.shields.io/badge/Server-Visual%20Basic-yellow)
222 | 
223 | - [Megasecurity: MofoTro Beta](http://www.megasecurity.org/trojans/m/mofotro/Mofotro_beta.html) [[Web Archive](https://web.archive.org/web/20160513003632/http://www.megasecurity.org/trojans/m/mofotro/Mofotro_beta.html)]
224 | - [Facebook post: Remote Administration Tools/Trojans](https://www.facebook.com/notes/mayur-hacker/remote-administration-toolstrojans/495609560467177/) [[Web Archive](https://web.archive.org/web/20200518121727/https://www.facebook.com/notes/mayur-hacker/remote-administration-toolstrojans/495609560467177/)]
225 | 
226 | ## MRA RAT
227 | 
228 | ![First Seen](https://img.shields.io/badge/Year-2002-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
229 | 
230 | - [Megasecurity: MRA Rat 1.0](http://www.megasecurity.org/trojans/m/mrarat/Mrarat1.0.html) [[Web Archive](https://web.archive.org/web/20030629041730/http://www.megasecurity.org/trojans/m/mrarat/Mrarat1.0.html)]
231 | 
232 | 
233 | ## Nerbian
234 | ![First Seen](https://img.shields.io/badge/Year-2022-blue) ![Targets](https://img.shields.io/badge/Targets-multiplatform-orange) ![Source Code](https://img.shields.io/badge/Language-go-yellow)
235 | 
236 | 
237 | - [2022 Proofpoint: Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques](https://www.proofpoint.com/us/blog/threat-insight/nerbian-rat-using-covid-19-themes-features-sophisticated-evasion-techniques) 
238 | - [2022 Bleeping Computer: New stealthy Nerbian RAT malware spotted in ongoing attacks](https://www.bleepingcomputer.com/news/security/new-stealthy-nerbian-rat-malware-spotted-in-ongoing-attacks/)
239 | - [2022 Infosec Institute: Nerbian RAT Using COVID-19 templates](https://resources.infosecinstitute.com/topic/nerbian-rat-using-covid-19-templates/)
240 | 
241 | 
242 | ## Net Devil
243 | 
244 | ![First Seen](https://img.shields.io/badge/Year-2002-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
245 | 
246 | - [Cisco Security: Backdoor Net-Devil](https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=17877&signatureSubId=0) [[Web Archive](https://web.archive.org/web/20201209145340/https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=17877&signatureSubId=0)]
247 | - [PC-Freak: Net-Devil](https://www.pc-freak.net/tutorials/hacking_info/trojans_info/tr_data/y2267.html) [[Web Archive](https://web.archive.org/web/20201209150028/https://www.pc-freak.net/tutorials/hacking_info/trojans_info/tr_data/y2267.html)]
248 | - [2002 Symantec: Backdoor.NetDevil](https://www.symantec.com/security_response//writeup.jsp?docid=2002-021310-3452-99) [[Web Archive](https://web.archive.org/web/20151023003009/https://www.symantec.com/security_response//writeup.jsp?docid=2002-021310-3452-99)]
249 | - [2004 OPTIXPRO 1.31 and NETDEVIL1.5 TROJAN BACKDOOR EXPOLIT](https://www.giac.org/paper/gcih/560/optixpro-131-netdevil15-trojan-backdoor-expolits/105977) [[Web Archive](https://web.archive.org/web/20201209150439/https://www.giac.org/paper/gcih/560/optixpro-131-netdevil15-trojan-backdoor-expolits/105977)]
250 | 
251 | ## NetSupport Manager
252 | 
253 | ![First Seen](https://img.shields.io/badge/Year-1989-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Targets](https://img.shields.io/badge/Targets-ChromeOS-orange) ![Targets](https://img.shields.io/badge/Targets-MacOS-orange) ![Targets](https://img.shields.io/badge/Targets-Linux-orange) ![Targets](https://img.shields.io/badge/Targets-Android-orange) ![Targets](https://img.shields.io/badge/Targets-iOS-orange) ![Type](https://img.shields.io/badge/Type-Commercial-violet)
254 | 
255 | - [NetSupport Manager Homepage](https://www.netsupportsoftware.com/remote-control/) [[Web Archive](https://web.archive.org/web/20200609193918/https://www.netsupportsoftware.com/remote-control/)]
256 | - [Wikipedia: NetSupport Manager
257 | ](https://en.wikipedia.org/wiki/NetSupport\_Manager) [[Web Archive](https://web.archive.org/web/20201119221005/https://en.wikipedia.org/wiki/NetSupport_Manager)]
258 | - [2014 An Intro to NetSupport Manager Scripts](https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Intro-to-NetSupport-Manager-Scripts/) [[Web Archive](https://web.archive.org/web/20190328004633/https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/an-intro-to-netsupport-manager-scripts/)]
259 | - [2017 EITest: HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware
260 | ](https://researchcenter.paloaltonetworks.com/2017/09/unit42-hoeflertext-popups-targeting-google-chrome-users-now-pushing-rat-malware/) [[Web Archive](https://web.archive.org/web/20201208015032/https://unit42.paloaltonetworks.com/unit42-hoeflertext-popups-targeting-google-chrome-users-now-pushing-rat-malware/)]
261 | - [2018 Fake Software Update Abuses NetSupport Remote Access Tool](https://www.fireeye.com/blog/threat-research/2018/04/fake-software-update-abuses-netsupport-remote-access-tool.html) [[Web Archive](https://web.archive.org/web/20201210090411/https://www.fireeye.com/blog/threat-research/2018/04/fake-software-update-abuses-netsupport-remote-access-tool.html)]
262 | - [2019 NetSupport RAT installed via fake update notices](https://www.zscaler.com/blogs/security-research/netsupport-rat-installed-fake-update-notices) [[Web Archive](https://web.archive.org/web/20201220115407/https://www.zscaler.com/blogs/security-research/netsupport-rat-installed-fake-update-notices)]
263 | - [2020 Operation TA505: investigating the ServHelper backdoor with NetSupport RAT. Part 2.](https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/operation-ta505-part2/) [[Web Archive](https://web.archive.org/web/20201101010608/https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/operation-ta505-part2/)]
264 | 
265 | ## NokNok
266 | 
267 | ![First Seen](https://img.shields.io/badge/Year-1996-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
268 | 
269 | - [Megasecurity: NokNok 5.0](http://www.megasecurity.org/trojans/n/noknok/Noknok5.0.html) [[Web Archive](https://web.archive.org/web/20081201090344/http://www.megasecurity.org/trojans/n/noknok/Noknok5.0.html)]
270 | - [Megasecurity: NokNok All Versions](http://www.megasecurity.org/trojans/n/noknok/Noknok_all.html) [[Web Archive](https://web.archive.org/web/20090109053617/http://www.megasecurity.org/trojans/n/noknok/Noknok_all.html)]
271 | - [PC-FREAK: NokNok](https://www.pc-freak.net/tutorials/hacking_info/trojans_info/tr_data/y2372.html) [[Web Archive](https://web.archive.org/web/20200329090040/https://www.pc-freak.net/tutorials/hacking_info/trojans_info/tr_data/y2372.html)]
272 | - [2004 TROJAN: NokNok Client Command](http://services.netscreen.com/documentation/signatures/TROJAN%3AMISC%3ANOKNOK-COMMAND.html) [[Web Archive](https://web.archive.org/web/20201220120901/http://services.netscreen.com/documentation/signatures/TROJAN:MISC:NOKNOK-COMMAND.html)]
273 | 
274 | ## ObliqueRAT
275 | 
276 | ![First Seen](https://img.shields.io/badge/Year-2020-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
277 | 
278 | - [2020 ObliqueRAT: New RAT hits victims' endpoints via malicious documents](https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html) [[Web Archive](https://web.archive.org/web/20200311091640/https://blog.talosintelligence.com/2020/02/obliquerat-hits-victims-via-maldocs.html)]
279 | - [2020 Transparent Tribe: Evolution analysis, part 2](https://securelist.com/transparent-tribe-part-2/98233/) [[Web Archive](https://web.archive.org/web/20201026064017/https://securelist.com/transparent-tribe-part-2/98233/)]
280 | - [South Asia APT organizes the "transparent tribe" to compete with opponents on mobile](https://www.secrss.com/articles/24995) [[Web Archive](https://web.archive.org/web/20201203173735/https://www.secrss.com/articles/24995)]
281 | 
282 | ## Overseer RAT
283 | ![First Seen](https://img.shields.io/badge/Year-2018-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
284 | 
285 | - [Free 3 Month License to OverSeer RAT (Silent Miner RAT with inbuilt crypter) - HackForums](https://hackforums.net/showthread.php?tid=5790586&highlight=RAT)
286 | - [Overseer RAT : 0.2 - Nulled](https://nulledbb.com/thread-Overseer-RAT-0-2) [[Web Archive](https://web.archive.org/web/20210705143237/https://nulledbb.com/thread-Overseer-RAT-0-2)]
287 | - [MONERO AND WANNAMINE - The cyber-criminal cryptocurrency and miner malware of choice - Accenture](https://www.accenture.com/t20180322T091347Z__w__/us-en/_acnmedia/PDF-46/Accenture-Threat-Analysis-Monero-Wannamine.pdf) [[Web Archive](https://web.archive.org/web/20201109015759/https://www.accenture.com/t20180322T091347Z__w__/us-en/_acnmedia/PDF-46/Accenture-Threat-Analysis-Monero-Wannamine.pdf)]
288 | 
289 | 
290 | ## Pandora
291 | 
292 | ![First Seen](https://img.shields.io/badge/Year-2002-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
293 | 
294 | - [Megasecurity: Pandora1.1](http://www.megasecurity.org/trojans/p/pandora/Pandora1.1.html) [[Web Archive](https://web.archive.org/web/20080906164023/http://www.megasecurity.org/trojans/p/pandora/Pandora1.1.html)]
295 | 
296 | 
297 | ## Poison Ivy
298 | 
299 | ![First Seen](https://img.shields.io/badge/Year-2005-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Alias](https://img.shields.io/badge/Alias-Darkmoon-503040)
300 | 
301 | - [2008 Poison Ivy Remote Administration Tool Homepage](www.poisonivy-rat.com) [[Web Archive](https://web.archive.org/web/20080901081727/http://www.poisonivy-rat.com/)]
302 | - [2014 Cisco Talos: Threat Spotlight: Group 72](http://blogs.cisco.com/security/talos/threat-spotlight-group-72) [[Web Archive](https://web.archive.org/web/20190819114216/https://blogs.cisco.com/security/talos/threat-spotlight-group-72)]
303 | - [2014 FireEye: POISON IVY: Assessing Damage and Extracting Intelligence](https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf) [[Web Archive](https://web.archive.org/web/20200511231612/https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf)]
304 | - [2016 Operation DustySky - Part 2](https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf) [[Web Archive](https://web.archive.org/web/20201001195808/https://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf)]
305 | - [F-Secure: Backdoor:W32/PoisonIvy](https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml) [[Web Archive](https://web.archive.org/web/20190908094326/https://www.f-secure.com/v-descs/backdoor_w32_poisonivy.shtml)] 
306 | 
307 | ## ProAgent RAT
308 | 
309 | ![First Seen](https://img.shields.io/badge/Year-2005-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) 
310 | 
311 | - [	Liste des Rat](http://assiste.com.online.fr/p/abc/b/liste_rat.php) [[Web Archive](https://web.archive.org/web/20201209215216/http://assiste.com.online.fr/p/abc/b/liste_rat.php)]
312 | 
313 | ## ProRAT
314 | 
315 | ![First Seen](https://img.shields.io/badge/Year-2002-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) 
316 | 
317 | - [Megasecurity: ProRat 1.0b](http://www.megasecurity.org/trojans/p/prorat/Prorat1.0b.html) [[Web Archive](https://web.archive.org/web/20030710020430/http://www.megasecurity.org/trojans/p/prorat/Prorat1.0b.html)]
318 | - [An Introduction To Keyloggers, RATS And Malware](http://index-of.es/EBooks/An%20Introduction%20To%20Keylogger,%20RATS%20And%20Malware.pdf) [[Web Archive](https://web.archive.org/web/20201209152933/http://index-of.es/EBooks/An%20Introduction%20To%20Keylogger,%20RATS%20And%20Malware.pdf)]
319 | - [2012 [Tutorial] ProRat V1.9 SETUP, Its guide,port forwarding & FAQs [Q&A]](https://coolhackerboy.wordpress.com/2012/03/13/tutorial-prorat-v1-9-setup-its-guideport-forwarding-faqs-qa/) [[Web Archive](https://web.archive.org/web/20201209152458/https://coolhackerboy.wordpress.com/2012/03/13/tutorial-prorat-v1-9-setup-its-guideport-forwarding-faqs-qa/)]
320 | - [2014 HACK A SYSTEM USING RAT’S](https://ultimate1337.wordpress.com/tag/prorat/) [[Web Archive](https://web.archive.org/web/20201209152631/https://ultimate1337.wordpress.com/tag/prorat/)]
321 | - [2015 New RATs Emerge from Leaked Njw0rm Source Code ](http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/) [[Web Archive](https://www.trendmicro.com/en_us/research/15/a/new-rats-emerge-from-leaked-njw0rm-source-code.html)]
322 | - [2020 Carders: ProRat ~Best and Free Remote Administration Tools~Backdoor Trojan Horse](https://carders.ws/threads/prorat-best-and-free-remote-administration-tools-backdoor-trojan-horse.2474/) [[Web Archive](https://web.archive.org/web/20201209152819/https://carders.ws/threads/prorat-best-and-free-remote-administration-tools-backdoor-trojan-horse.2474/)]
323 | 
324 | ## PubNub RAT
325 | ![First Seen](https://img.shields.io/badge/Year-2018-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
326 | 
327 | - [Fake AV Investigation Unearths KevDroid, New Android Malware - Cisco Talos](http://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html) [[Web Archive](https://web.archive.org/web/20210224211712/https://blog.talosintelligence.com/2018/04/fake-av-investigation-unearths-kevdroid.html)]
328 | 
329 | ## Socket23
330 | 
331 | ![First Seen](https://img.shields.io/badge/Year-1998-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Alias](https://img.shields.io/badge/Alias-Sockets%20de%20Troie-503040) 
332 | 
333 | - [1999 Virus Bulletin Magazine](https://www.virusbulletin.com/uploads/pdf/magazine/1999/199908.pdf) [[Web Archive](https://web.archive.org/web/20201209102758/https://www.virusbulletin.com/uploads/pdf/magazine/1999/199908.pdf)]
334 | - [2013 YouTube: Démonstration de Socket23](https://www.youtube.com/watch?v=tHqD2SKJJ4w) [[Web Archive](https://web.archive.org/web/20201209103117/https://www.youtube.com/watch?v=tHqD2SKJJ4w)]
335 | 
336 | ## Sparta RAT
337 | 
338 | ![First Seen](https://img.shields.io/badge/Year-2002-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-delphi-yellow) ![Server Source Code](https://img.shields.io/badge/Server-delphi-yellow)
339 | 
340 | - [Megasecurity: Sparta 1.1 (a)](http://www.megasecurity.org/trojans/s/sparta/Sparta1.1a.html) [[Web Archive](https://web.archive.org/web/20030505194127/http://www.megasecurity.org/trojans/s/sparta/Sparta1.1a.html)]
341 | - [Megasecurity: Sparta 1.1 (b1) client](http://www.megasecurity.org/trojans/s/sparta/Sparta1.1b1_client.html) [[Web Archive](https://web.archive.org/web/20030502021332/http://www.megasecurity.org/trojans/s/sparta/Sparta1.1b1_client.html)]
342 | - [Megasecurity: Sparta all](http://www.megasecurity.org/trojans/s/sparta/Sparta_all.html) [[Web Archive](https://web.archive.org/web/20030502025607/http://www.megasecurity.org/trojans/s/sparta/Sparta_all.html)]
343 | 
344 | ## Subseven
345 | 
346 | ![First Seen](https://img.shields.io/badge/Year-1999-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Alias](https://img.shields.io/badge/Alias-Sub7-503040) ![Alias](https://img.shields.io/badge/Alias-Backdoor%20G-503040) ![Alias](https://img.shields.io/badge/Alias-Sub7Server-503040) 
347 | 
348 | * [Symantec: Backdoor.SubSeven](https://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99) [[Web Archive](https://web.archive.org/web/20190211200320/https://www.symantec.com/security-center/writeup/2001-020114-5445-99)] 
349 | * [Wikipedia: Sub7](https://en.wikipedia.org/wiki/Sub7)
350 | * [What is SubSeven? Giving away control of your machine!](https://www.giac.org/paper/gsec/453/subseven-giving-control-machine/101094) [[Web Archive](https://web.archive.org/web/20201008145832/https://www.giac.org/paper/gsec/453/subseven-giving-control-machine/101094)] 
351 | * [SubSeven: The Malware the Launched 1,000 IT Careers](https://www.linkedin.com/pulse/subseven-malware-launched-1000-careers-jack-rhysider/) [[Web Archive](https://web.archive.org/web/20201008150036/https://www.linkedin.com/pulse/subseven-malware-launched-1000-careers-jack-rhysider/)] 
352 | * [Deconstructing SubSeven, the Trojan Horse of Choice]( https://www.sans.org/reading-room/whitepapers/malicious/deconstructing-subseven-the-trojan-horse-of-choice-953) [[Web Archive](https://web.archive.org/web/20140202135110/http://www.sans.org/reading-room/whitepapers/malicious/deconstructing-subseven-the-trojan-horse-of-choice-953)] 
353 | * [Sub Seven: A Risk to Your Internet Security](https://pen-testing.sans.org/resources/papers/gcih/seven-risk-internet-security-102981) [[Web Archive](https://web.archive.org/web/20150922142519/http://pen-testing.sans.org/resources/papers/gcih/seven-risk-internet-security-102981)] 
354 | 
355 | ## Tapaoux
356 | 
357 | ![First Seen](https://img.shields.io/badge/Year-2007-blue)
358 | 
359 | - [2014 Kaspersky: THE DARKHOTEL APT A STORY OF UNUSUAL HOSPITALITY](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf) [[Web Archive](https://web.archive.org/web/20200513200629/https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf)] 
360 | - [2016 DarkHotel: Give Us All Your Data and Enjoy Your Stay](http://www.informationsecuritybuzz.com/articles/darkhotel-give-us-data-enjoy-stay/)
361 | [[Web Archive](https://web.archive.org/web/20191006125252/https://www.informationsecuritybuzz.com/articles/darkhotel-give-us-data-enjoy-stay/)] 
362 | 
363 | ## Tequila Bandita
364 | 
365 | ![First Seen](https://img.shields.io/badge/Year-2004-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-delphi-yellow) ![Server Source Code](https://img.shields.io/badge/Server-delphi-yellow)
366 | 
367 | - [Megasecurity: tequila bandita 1.2 beta 1](http://www.megasecurity.org/trojans/t/toquitobandito/Tequilabandita1.2.html) [[Web Archive](https://web.archive.org/web/20161012200205/http://www.megasecurity.org/trojans/t/toquitobandito/Tequilabandita1.2.html)]
368 | - [Megasecurity: Toquitobadito All](https://www.megasecurity.org/trojans/t/toquitobandito/Toquitobandito_all.html) [[Web Archive](https://web.archive.org/web/20161014124932/http://www.megasecurity.org/trojans/t/toquitobandito/Toquitobandito_all.html)]
369 | 
370 | ## Theef
371 | 
372 | ![First Seen](https://img.shields.io/badge/Year-2002-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-delphi-yellow) ![Server Source Code](https://img.shields.io/badge/Server-delphi-yellow)
373 | 
374 | - [Remote Administration Tools (RATs)](http://bitchronic.blogspot.com/2013/02/remote-administration-tools-rats.html) [[Web Archive](https://web.archive.org/web/20201209161344/http://bitchronic.blogspot.com/2013/02/remote-administration-tools-rats.html)]
375 | 
376 | 
377 | ## Toquito Bandito
378 | 
379 | ![First Seen](https://img.shields.io/badge/Year-2004-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange) ![Client Source Code](https://img.shields.io/badge/Client-delphi-yellow) ![Server Source Code](https://img.shields.io/badge/Server-delphi-yellow)
380 | 
381 | - [Megasecurity: Toquito Bandito 1.0](http://www.megasecurity.org/trojans/t/toquitobandito/Toquitobandito1.0.html) [[Web Archive](https://web.archive.org/web/20050328210450/http://www.megasecurity.org/trojans/t/toquitobandito/Toquitobandito1.0.html)]
382 | - [Megasecurity: Toquitobadito All](https://www.megasecurity.org/trojans/t/toquitobandito/Toquitobandito_all.html) [[Web Archive](https://web.archive.org/web/20161014124932/http://www.megasecurity.org/trojans/t/toquitobandito/Toquitobandito_all.html)]
383 | 
384 | ## Turkojan
385 | 
386 | ![First Seen](https://img.shields.io/badge/Year-2003-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
387 | 
388 | - [TURKOJAN Homepage](https://turkojan.blogspot.com) [[Web Archive](https://web.archive.org/web/20200205124625/http://turkojan.blogspot.com/)]
389 | - [2003 Symantec: Backdoor.Turkojan](https://www.symantec.com/security_response/writeup.jsp?docid=2003-032816-3726-99) [[Web Archive](https://web.archive.org/web/20151022185740/https://www.symantec.com/security_response//writeup.jsp?docid=2003-032816-3726-99)]
390 | - [2016 Turkish Journalist Jailed for Terrorism Was Framed, Forensics Report Shows](https://www.vice.com/en/article/nz74wq/turkish-journalist-jailed-for-terrorism-was-framed-forensic-report-shows-1) [[Web Archive](https://web.archive.org/web/20201108171720/https://www.vice.com/en/article/nz74wq/turkish-journalist-jailed-for-terrorism-was-framed-forensic-report-shows-1)]
391 | 
392 | 
393 | ## Vigilix
394 | 
395 | ![First Seen](https://img.shields.io/badge/Year-2003-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
396 | 
397 | - [Vigilix Homepage](https://vigilix.com) [[Web Archive](https://web.archive.org/web/20030904035527/http://www.vigilix.com/)]
398 | 
399 | ## xHacker RAT
400 | 
401 | ![First Seen](https://img.shields.io/badge/Year-2007-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
402 | 
403 | - [2007 Romanian Security Team Forum: xHacker 3.0 PRO Leaked!](https://rstforums.com/forum/topic/7347-xhacker-30-pro-leaked/) [[Web Archive](https://web.archive.org/web/20201209220530/https://rstforums.com/forum/topic/7347-xhacker-30-pro-leaked/)]
404 | - [2016 Quora: How can I build a RAT (Remote Access Trojan) from scratch? For educational purposes only](https://www.quora.com/How-can-I-build-a-RAT-Remote-Access-Trojan-from-scratch-For-educational-purposes-only)
405 | 
406 | ## WebMonitor RAT
407 | ![First Seen](https://img.shields.io/badge/Year-2017-blue) ![Targets](https://img.shields.io/badge/Targets-Windows-orange)
408 | 
409 | - [Revcode Website]() [[Web Archive](https://web.archive.org/web/20171010130157/https://revcode.eu/)]
410 | - [WebMonitor RAT [PC + Android, Keylogger (No root), C++, No PORTFORWARD] #1 ON MARKET - HackForums](https://hackforums.net/showthread.php?tid=5621975&highlight=Webmonitor) [[Web Archive](https://web.archive.org/web/20210705171047/https://hackforums.net/showthread.php?tid=5621975&highlight=Webmonitor)]
411 | - [Say “Cheese”: WebMonitor RAT Comes with C2-as-a-Service (C2aaS) - PaloAlto Networks](https://unit42.paloaltonetworks.com/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/) [[Web Archive](https://web.archive.org/web/20201208215425/https://unit42.paloaltonetworks.com/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/)]
412 | - [Who’s Behind the RevCode WebMonitor RAT?](https://krebsonsecurity.com/2019/04/whos-behind-the-revcode-webmonitor-rat/) [[Web Archive](https://web.archive.org/web/20210126064730/https://krebsonsecurity.com/2019/04/whos-behind-the-revcode-webmonitor-rat/)]
413 | - [WebMonitor RAT Bundled with Zoom Installer](https://www.trendmicro.com/en_us/research/20/d/webmonitor-rat-bundled-with-zoom-installer.html) [[Web Archive](https://web.archive.org/web/20210121163811/https://www.trendmicro.com/en_us/research/20/d/webmonitor-rat-bundled-with-zoom-installer.html)]
414 | 


--------------------------------------------------------------------------------