May 30, 2026
C2 Hosts: 48
DCRat
Also known as: DarkCrystal RAT
DCRat is a typical RAT that has been around since at least June 2019.
C2 Infrastructure
Hosting/VPS 89%
ISP/Residential 10%
Business 2%
Last 7 days
May 29, 2026
C2 Hosts: 23
May 28, 2026
C2 Hosts: 3
May 24, 2026
C2 Hosts: 3
| Date | C2 Hosts |
|---|---|
| May 30, 2026 | 48 |
| May 29, 2026 | 23 |
| May 28, 2026 | 3 |
| May 24, 2026 | 3 |
Further Reading
PrivateLoader: the loader of the prevalent ruzki PPI service
PrivateLoader is a downloader malware family. It is used as part of a PPI service, to deliver payloads of multiple malware families.
blog.sekoia.io
Secure Communications Blog
Explore expert insights on secure communications from BlackBerry — covering government, critical infrastructure, resilience, compliance, and trusted communications at scale.
blogs.blackberry.com
GitHub - jeFF0Falltrades/rat_king_parser: A robust, multiprocessing-capable, multi-family RAT config parser/config ex...
A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, XWorm, Xeno RAT, and cloned/derivative RAT families. - jeFF0Falltrades/r...
github.com
Foxit PDF “Flawed Design” Exploitation - Check Point Research
Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive uns...
research.checkpoint.com
Botnet C&C | Botnet Threat Update January to June 2025 | Report
spamhaus.org
Botnet C&C | Botnet Threat Update July to December 2025 | Report
spamhaus.org
BlindEagle Deploys Caminho and DCRAT | ThreatLabz
BlindEagle continues to target Colombian government agencies and deploying Caminho and DCRAT.
zscaler.com
FreeCryptoScam
FreeCryptoScam is a new scam in which threat actors lure victims with the promise of free cryptocurrency, leading to the installation of malware payloads.
zscaler.com
Snip3 Crypter | ThreatLabz
ThreatLabZ observed multiple threat campaigns utilizing the Snip3 crypter, a multi-stage Remote Access Trojan Loader with new TTPs target various industries
zscaler.com