Cardinal RAT (1d9fbf33-faea-40c1-b543-c7b39561f0ff)

Palo Alto Networks has discovered a previously unknown remote access Trojan (RAT) that has been active for over two years. Its volume over this two-year period has been very low, totaling roughly 27 samples. The malware is delivered via an innovative and unique technique: a downloader we are calling Carp uses malicious macros in Microsoft Excel documents to compile embedded C# source code into an executable, which is then run to deploy the Cardinal RAT malware family. These malicious Excel files use a number of different lures, providing evidence of what attackers are using to entice victims into executing them.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| EVILNUM (e1ca79eb-5629-4267-bb37-3992c7126ef4) | Tool | Cardinal RAT (1d9fbf33-faea-40c1-b543-c7b39561f0ff) | Tool | 1 |
| Cardinal RAT (3d3da4c0-004c-400c-9da6-f83fd35d907e) | Malpedia | Cardinal RAT (1d9fbf33-faea-40c1-b543-c7b39561f0ff) | Tool | 1 |
| EVILNUM (e1ca79eb-5629-4267-bb37-3992c7126ef4) | Tool | Cardinal (cb23f563-a8b9-4427-9884-594e8d3cc836) | RAT | 2 |