Home > List all groups > List all tools > List all groups using tool Orcus RAT

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Orcus RAT

NamesOrcus RAT
TypeBackdoor, Keylogger, Credential stealer, Info stealer, DDoS
Description(Morphisec) In a successful attack, the Orcus RAT can steal browser cookies and passwords, launch server stress tests (DDoS attacks), disable the webcam activity light, record microphone input, spoof file extensions, log keystrokes and more.

The Orcus RAT masquerades as a legitimate remote administration tool, although it is clear from its features and functionality that it is not and was never intended to be. (Brian Krebs published an interesting expose on the man behind the supposed administration tool.) Until two weeks ago, it was publicly sold and licensed by a company calling itself Orcus Technologies. The project is now closed, according to this “press release” issued, and a license-free version available for download, as well as software development tools and documentation. Interestingly, the author also claims there is a “kill switch” available for download by security researchers to remotely shut down and lock out any Orcus control server that they find are being used for malicious purposes.
AlienVault OTX<>

Last change to this tool card: 13 May 2020

Download this tool card in JSON format

All groups using tool Orcus RAT


APT groups


1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key