{
	"id": "7cb691de-f81a-4644-b191-e44f9598aaa0",
	"created_at": "2026-04-06T00:19:10.556013Z",
	"updated_at": "2026-04-10T03:20:01.601918Z",
	"deleted_at": null,
	"sha1_hash": "dbd4bca59afca6c33d9f22af5fffb6c53095cf28",
	"title": "Orcus RAT (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28705,
	"plain_text": "Orcus RAT (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-02 10:48:58 UTC\r\nOrcus has been advertised as a Remote Administration Tool (RAT) since early 2016. It has all the features that\r\nwould be expected from a RAT and probably more. The long list of the commands is documented on their website.\r\nBut what separates Orcus from the others is its capability to load custom plugins developed by users, as well as\r\nplugins that are readily available from the Orcus repository. In addition to that, users can also execute C# and\r\nVB.net code on the remote machine in real-time.\r\n[TLP:WHITE] win_orcus_rat_auto (20200421 | autogenerated rule brought to you by yara-signator)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.orcus_rat\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.orcus_rat\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.orcus_rat"
	],
	"report_names": [
		"win.orcus_rat"
	],
	"threat_actors": [],
	"ts_created_at": 1775434750,
	"ts_updated_at": 1775791201,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dbd4bca59afca6c33d9f22af5fffb6c53095cf28.pdf",
		"text": "https://archive.orkl.eu/dbd4bca59afca6c33d9f22af5fffb6c53095cf28.txt",
		"img": "https://archive.orkl.eu/dbd4bca59afca6c33d9f22af5fffb6c53095cf28.jpg"
	}
}