* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate)
* RAT

# Palo Alto Networks

## RAT

[![NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://origin-researchcenter.paloaltonetworks.com/blog/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/)  
[NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT
\------------------------------------------------------------------------------------](https://origin-researchcenter.paloaltonetworks.com/blog/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/)

Reaper Group uses custom malware family called DOGCALL to deploy RAT. Get the full report.  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)  
Oct 01, 2018  
By [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig")

## Palo Alto Networks

*** ** * ** ***

[Announcements](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)

*** ** * ** ***

[Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown)

*** ** * ** ***

[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

*** ** * ** ***

[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

*** ** * ** ***

[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

*** ** * ** ***

[Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

*** ** * ** ***

![Say “Cheese”: WebMonitor RAT Comes with C2-as-a-Service (C2aaS)](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Say "Cheese": WebMonitor RAT Comes with C2-as-a-Service (C2aaS)](https://origin-researchcenter.paloaltonetworks.com/blog/2018/04/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/)

Unit 42 uncovers a new(ish) fully-featured Remote Access Tool (RAT), with web-based Command-and-Control (C2) included  
Apr 13, 2018  
By [Mike Harbison](https://www.paloaltonetworks.com/blog/author/mike-harbison/?ts=markdown "Posts by Mike Harbison") and [Simon Conant](https://www.paloaltonetworks.com/blog/author/simon-conant/?ts=markdown "Posts by Simon Conant")  
![EITest: HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malware](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [EITest: HoeflerText Popups Targeting Google Chrome Users Now Push RAT Malwa...](https://origin-researchcenter.paloaltonetworks.com/blog/2017/09/unit42-hoeflertext-popups-targeting-google-chrome-users-now-pushing-rat-malware/)

Unit 42 uncovers HoeflerText popups delivering RAT malware to Google Chrome users.  
Sep 01, 2017  
By [Brad Duncan](https://www.paloaltonetworks.com/blog/author/bduncan/?ts=markdown "Posts by Brad Duncan")  
![Updated KHRAT Malware Used in Cambodia Attacks](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Updated KHRAT Malware Used in Cambodia Attacks](https://origin-researchcenter.paloaltonetworks.com/blog/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/)

Unit 42 recently observed Remote Access Trojan KHRAT activity targeting the citizens of Cambodia.  
Aug 31, 2017  
By [Alex Hinchliffe](https://www.paloaltonetworks.com/blog/author/alex-hinchliffe/?ts=markdown "Posts by Alex Hinchliffe") and [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn")  
![Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)  
[Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations](https://origin-researchcenter.paloaltonetworks.com/blog/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/)

Troichilus and MoonWind RATS used to target utility and other organizations in Thailand.  
Mar 30, 2017  
By [Jen Miller-Osborn](https://www.paloaltonetworks.com/blog/author/jen-miller-osborn/?ts=markdown "Posts by Jen Miller-Osborn") and [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig")  
[](https://origin-researchcenter.paloaltonetworks.com/blog/2016/08/palo-alto-networks-news-of-the-week-august-6-2016/)  
[Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown)

## [Palo Alto Networks News of the Week -- August 6, 2016](https://origin-researchcenter.paloaltonetworks.com/blog/2016/08/palo-alto-networks-news-of-the-week-august-6-2016/)

Unit 42 tracked Orcus, the birth of an unusual plugin builder RAT.Unit 42 tracked Orcus, the birth of an unusual plugin builder RAT.  
Aug 06, 2016  
By [Anna Lough](https://www.paloaltonetworks.com/blog/author/anna-lough/?ts=markdown "Posts by Anna Lough")  
[](https://origin-researchcenter.paloaltonetworks.com/blog/2016/08/unit42-orcus-birth-of-an-unusual-plugin-builder-rat/)  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Orcus -- Birth of an unusual plugin builder RAT](https://origin-researchcenter.paloaltonetworks.com/blog/2016/08/unit42-orcus-birth-of-an-unusual-plugin-builder-rat/)

Unit 42 has been tracking a new Remote Access Trojan (RAT) being sold for $40 USD since April 2016, known as "Orcus". Though Orcus has all the typical features of RAT malware, it allows users to build custom pl...  
Aug 02, 2016  
By [Vicky Ray](https://www.paloaltonetworks.com/blog/author/vicky-khan/?ts=markdown "Posts by Vicky Ray")  
[](https://origin-researchcenter.paloaltonetworks.com/blog/2016/07/unit42-spynote-android-trojan-builder-leaked/)  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [SpyNote Android Trojan Builder Leaked](https://origin-researchcenter.paloaltonetworks.com/blog/2016/07/unit42-spynote-android-trojan-builder-leaked/)

Our team recently discovered a new Android Trojan called SpyNote which facilitates remote spying. The builder, which creates new versions of the malware, recently leaked on several malware discussion forums. SpyNote is similar to OmniRat an...  
Jul 28, 2016  
By [Jacob Soo](https://www.paloaltonetworks.com/blog/author/jacob-soo/?ts=markdown "Posts by Jacob Soo")  
[](https://origin-researchcenter.paloaltonetworks.com/blog/2016/07/unit42-investigating-the-luminositylink-remote-access-trojan-configuration/)  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Investigating the LuminosityLink Remote Access Trojan Configuration](https://origin-researchcenter.paloaltonetworks.com/blog/2016/07/unit42-investigating-the-luminositylink-remote-access-trojan-configuration/)

In recent weeks, I've spent time investigating the LuminosityLink Remote Access Trojan's (RAT) embedded configuration. For those unaware, LuminosityLi...  
Jul 08, 2016  
By [Josh Grunzweig](https://www.paloaltonetworks.com/blog/author/josh-grunzweig/?ts=markdown "Posts by Josh Grunzweig")  
[](https://origin-researchcenter.paloaltonetworks.com/blog/2015/11/bookworm-trojan-a-model-of-modular-architecture/)  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Bookworm Trojan: A Model of Modular Architecture](https://origin-researchcenter.paloaltonetworks.com/blog/2015/11/bookworm-trojan-a-model-of-modular-architecture/)

Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that initially appeared to be a variant of the well-known PlugX RAT based on similar observed behavior such as the usage of...  
Nov 10, 2015  
By [Robert Falcone](https://www.paloaltonetworks.com/blog/author/robert-falcone/?ts=markdown "Posts by Robert Falcone"), [Mike Scott](https://www.paloaltonetworks.com/blog/author/mike-scott/?ts=markdown "Posts by Mike Scott") and [Juan Cortes](https://www.paloaltonetworks.com/blog/author/juan-cortes/?ts=markdown "Posts by Juan Cortes")  
[](https://origin-researchcenter.paloaltonetworks.com/blog/2015/08/palo-alto-networks-news-of-the-week-august-29/)  
[Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown), [News of the Week](https://www.paloaltonetworks.com/blog/category/news-of-the-week/?ts=markdown)

## [Palo Alto Networks News of the Week -- August 29](https://origin-researchcenter.paloaltonetworks.com/blog/2015/08/palo-alto-networks-news-of-the-week-august-29/)

Check out the top Palo Alto Networks news from this past week.Unit 42 observed a new Remote Access Tool (RAT), uWarrior, constructed by an unknown actor of Italian origin, and had been tracking a banking Trojan...  
Aug 29, 2015  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://origin-researchcenter.paloaltonetworks.com/blog/2014/08/listen-evolved-419-scammers-targeting-enterprise/)  
[Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Listen: How Evolved 419 Scammers Are Targeting the Enterprise](https://origin-researchcenter.paloaltonetworks.com/blog/2014/08/listen-evolved-419-scammers-targeting-enterprise/)

Unit 42, the Palo Alto Networks threat intelligence team, will be appearing on a live webcast and Q\&A with Dark Reading tomorrow, Thursday, August 28 at 2:00 p.m. EDT.  
Aug 27, 2014  
By [Chad Berndtson](https://www.paloaltonetworks.com/blog/author/cberndston/?ts=markdown "Posts by Chad Berndtson")  
[](https://origin-researchcenter.paloaltonetworks.com/blog/2014/07/unit-42-new-era-threat-intelligence/)  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

## [Unit 42: A New Era In Threat Intelligence](https://origin-researchcenter.paloaltonetworks.com/blog/2014/07/unit-42-new-era-threat-intelligence/)

Today we would like to officially introduce our new threat intelligence team, Unit 42, and announce the release of our first research paper, 419 Evolution.  
Jul 22, 2014  
By [Ryan Olson](https://www.paloaltonetworks.com/blog/author/ryan-olson/?ts=markdown "Posts by Ryan Olson")  
Load more blogs

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language