RedCore RAT

The RedCore RAT (Remote Access Trojan) is a custom-built tool developed by the Cycldek group, an APT (Advanced Persistent Threat) actor believed to operate out of China. Cycldek has recently concentrated on South East Asia, in particular Thailand, Vietnam and Laos, and is known to target foreign government bodies and high-profile political figures.

The RedCore RAT is derived from one of Cycldek's most significant custom tools, the NewCore RAT. NewCore also served as the basis for a second derivative, dubbed the BlueCore RAT, whose capabilities are rather limited compared to RedCore's. Once the RedCore RAT has compromised a targeted computer, it is capable of:

  • Modifying the file system.
  • Running a keylogging module to capture keystrokes.
  • Executing remote commands.
  • Downloading and executing files.
  • Monitoring RDP (Remote Desktop Protocol) sessions and reporting to its operators when one is active.
  • Enumerating the storage devices and hard drives attached to the host.
  • Using the compromised host as a proxy server.

To remain undetected, the RedCore RAT may disguise its files as a genuine security service or as a Google or Microsoft component, so a defender's first check is whether a brand-named service actually lives where, and is signed by whom, the genuine product would be.
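A heuristic a defender can run over a service or autorun inventory to catch the masquerading described above, as an added example that is not RedCore's code or any vendor's detection logic. A record is treated as suspicious only when it borrows a Microsoft, Google or security-product name and then fails a consistency check: it runs from outside the normal install directories, from a user-writable location, or without the signer that brand would carry. The brand keywords, trusted directories, writable-path markers and the sample inventory are all assumptions constructed for the example and do not reproduce real RedCore artefacts.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ServiceRecord:
    """One Windows service or autorun entry, as an EDR or sc.exe export would list it."""
    name: str
    image_path: str
    signer: Optional[str]  # None when the binary carries no Authenticode signature


# Brand keywords an imposter might borrow. The article names Google, Microsoft and
# "a genuine security service"; the concrete keyword lists are an assumption.
BRANDS = {
    "microsoft": ("microsoft", "windows", "msedge", "office"),
    "google": ("google", "chrome"),
    "security": ("antivirus", "defender", "endpoint", "security"),
}

# Where genuine Microsoft/Google products normally install (assumption: default paths).
TRUSTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Path fragments that mark a user-writable location, the usual drop site for a RAT.
WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\public\\")


def borrowed_brands(name: str) -> list[str]:
    """Which brand vocabularies the display name draws on (possibly several)."""
    lowered = name.lower()
    return [brand for brand, words in BRANDS.items() if any(w in lowered for w in words)]


def masquerade_flags(rec: ServiceRecord) -> list[str]:
    """Return the reasons this record looks like a brand-borrowing imposter (empty if none)."""
    brands = borrowed_brands(rec.name)
    if not brands:
        return []  # nothing borrowed, so this heuristic has nothing to say
    flags: list[str] = []
    path = rec.image_path.lower()
    if not path.startswith(TRUSTED_DIRS):
        flags.append("untrusted_path")
    if any(marker in path for marker in WRITABLE_MARKERS):
        flags.append("user_writable_path")
    if rec.signer is None:
        flags.append("unsigned")
    else:
        signer = rec.signer.lower()
        # Only Microsoft and Google have a predictable signer; a generic
        # "security" name could legitimately be signed by any vendor.
        for brand in brands:
            if brand in ("microsoft", "google") and brand not in signer:
                flags.append(f"signer_not_{brand}")
    return flags


def scan(records: list[ServiceRecord]) -> dict[str, list[str]]:
    """Map each flagged service name to its reasons; clean records are omitted."""
    return {r.name: flags for r in records if (flags := masquerade_flags(r))}


# Constructed sample inventory (not real RedCore artefacts): one genuine Google
# service, three imposters of different kinds, and one unrelated unsigned agent.
SAMPLE_SERVICES = [
    ServiceRecord("Google Update Service",
                  "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe", "Google LLC"),
    ServiceRecord("Microsoft Security Essentials Service",
                  "C:\\Users\\Public\\Libraries\\mssecsvc.exe", None),
    ServiceRecord("Windows Defender Helper",
                  "C:\\Program Files\\WDHelper\\wdhelper.exe", "Contoso Ltd"),
    ServiceRecord("Contoso Agent",
                  "C:\\Users\\bob\\AppData\\Local\\Contoso\\agent.exe", None),
    ServiceRecord("Chrome Update Scheduler",
                  "C:\\Windows\\Temp\\chrupd.exe", None),
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_SERVICES).items():
        print(f"{name}: {', '.join(reasons)}")
```

The fifth record shows why the path test alone is not enough: C:\Windows\Temp sits under a trusted root, so only the writable-location and signature checks catch it. In a real deployment the inventory would come from `Get-Service`, `sc.exe query` or an EDR export, and the signer field from Authenticode verification rather than a string.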

The BlueCore RAT is distributed via malicious RTF documents, but the initial access vector used to deliver the RedCore RAT has not yet been determined. To protect a computer against threats like the RedCore RAT, keep a reputable anti-malware solution installed and up to date.
