Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation COVID-19 PoetRAT

An unknown threat actor targeted the government and energy sectors in Azerbaijan with malicious Microsoft Word documents to steal sensitive information from victims. The payload used during the operation was a remote access trojan written in Python and known as PoetRAT. The adversary used a range of post-exploitation tools to monitor drive paths, exfiltrate sensitive data, record the victim's webcam, log keystrokes, steal credentials, escalate privileges, create files and directories, and perform scans across the network.

Name | Modified Date | Sources
Operation COVID-19 PoetRAT | 2020-05-21 |