APT / THREAT GROUP
AstarionRAT
3
aliases
Last seen:Mar 17, 2026
Intelligence Profile
According to Huntress, AstarionRAT is a full-featured RAT with 24 commands, including credential theft, SOCKS5 proxy, port scanning, reflective code loading, and shell execution, with RSA-encrypted C2 communication disguised as application telemetry.
Threat Analysis
AstarionRAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning AstarionRAT
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
The Hacker News· Feb 20, 2026
A New RAT and a Hands-on-Keyboard Intrusion
Huntress Blog· Feb 16, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases3
Also Known As
MIMICRATAstarionRATwin.astarion_rat
External Intelligence
Malpedia: win.astarion_ratResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.