MALWARE-CNC Win.Trojan.BlackRAT variant outbound connection
This event is generated when C2 traffic produced by BlackRAT is detected.
A Network Trojan was detected
BlackRAT is a trojan that maintains contact with its C2 server by creating a sentinel file on the victim machine. It creates persistence by copying itself to multiple locations and can exfiltrate data to the C2 from the victim machine.
Ease of attack
Please follow corporate malware remediation procedures. Enable the new rules to prevent future C2 call-outs.
- Cisco Talos Intelligence Group