DCRat

Also known as: DarkCrystal RAT

DCRat is a typical RAT that has been around since at least June 2019.

C2 Infrastructure

Hosting/VPS 93%
Business 3%
Unknown 3%

Last 7 days

Jun 8, 2026: 2 C2 hosts
Jun 7, 2026: 4 C2 hosts
Jun 6, 2026: 5 C2 hosts
Jun 5, 2026: 2 C2 hosts
Jun 4, 2026: 6 C2 hosts
Jun 3, 2026: 10 C2 hosts

Further Reading

PrivateLoader: the loader of the prevalent ruzki PPI service

PrivateLoader is a downloader malware family. It is used as part of a PPI service, to deliver payloads of multiple malware families.

blog.sekoia.io
Secure Communications Blog

Explore expert insights on secure communications from BlackBerry — covering government, critical infrastructure, resilience, compliance, and trusted communications at scale.

blogs.blackberry.com
GitHub - jeFF0Falltrades/rat_king_parser: A robust, multiprocessing-capable, multi-family RAT config parser/config ex...

A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, XWorm, Xeno RAT, and cloned/derivative RAT families. - jeFF0Falltrades/r...

github.com
Foxit PDF “Flawed Design” Exploitation - Check Point Research

Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive uns...

research.checkpoint.com
Botnet C&C | Botnet Threat Update January to June 2025 | Report
spamhaus.org
Botnet C&C | Botnet Threat Update July to December 2025 | Report
spamhaus.org
BlindEagle Deploys Caminho and DCRAT | ThreatLabz

BlindEagle continues to target Colombian government agencies and to deploy Caminho and DCRAT.

zscaler.com
FreeCryptoScam

FreeCryptoScam is a new scam in which threat actors lure victims with the promise of free cryptocurrency, leading to the installation of malware payloads.

zscaler.com
Snip3 Crypter | ThreatLabz

ThreatLabZ observed multiple threat campaigns utilizing the Snip3 crypter, a multi-stage Remote Access Trojan loader with new TTPs, targeting various industries.

zscaler.com