Threats Tagged 'narwhalrat'
View all threats tagged with 'narwhalrat'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'narwhalrat'
Click on any threat for detailed analysis and mitigation recommendations
Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2 0 NarwhalRAT is a sophisticated Python-based remote access trojan (RAT) used by the APT37 threat actor targeting Korean users. It is delivered via spear phishing emails disguised as Microsoft security alerts, using LNK files in ZIP archives and BAT-based obfuscation. The malware supports keylogging, screen capture, microphone recording, and USB data collection. It uses a dual command-and-control (C2) infrastructure combining Korean relay servers and the pCloud API as a dead-drop resolver. NarwhalRAT employs anti-VM techniques, encrypted configuration files, persistence via scheduled tasks, and in-memory execution to evade detection. It is manually controlled with selective function activation through C2 commands. No affected software versions or patches are specified. Join the discussion | AlienVault OTX General | 06/15/2026, 14:58:18 UTC Added: 06/15/2026, 17:30:16 UTC |
Showing 1 to 1 of 1 result