<<< Hide Navigation Hide TOC >>>

Cardinal RAT (1d9fbf33-faea-40c1-b543-c7b39561f0ff)

Palo Alto Networks has discovered a previously unknown remote access Trojan (RAT) that has been active for over two years. It has a very low volume in this two-year period, totaling roughly 27 total samples. The malware is delivered via an innovative and unique technique: a downloader we are calling Carp uses malicious macros in Microsoft Excel documents to compile embedded C# (C Sharp) Programming Language source code into an executable that in turn is run to deploy the Cardinal RAT malware family. These malicious Excel files use a number of different lures, providing evidence of what attackers are using to entice victims into executing them.

Rows: 3

Loading extensions...

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Malpedia Tool		Clear RAT Tool	Clear 1 2
EVILNUM (e1ca79eb-5629-4267-bb37-3992c7126ef4)	Tool	Cardinal RAT (1d9fbf33-faea-40c1-b543-c7b39561f0ff)	Tool	1
Cardinal RAT (3d3da4c0-004c-400c-9da6-f83fd35d907e)	Malpedia	Cardinal RAT (1d9fbf33-faea-40c1-b543-c7b39561f0ff)	Tool	1
EVILNUM (e1ca79eb-5629-4267-bb37-3992c7126ef4)	Tool	Cardinal (cb23f563-a8b9-4427-9884-594e8d3cc836)	RAT	2