APT / THREAT GROUP
RemotePE
2 aliases
Last seen: Jun 11, 2026
Intelligence Profile
According to Fox-IT, RemotePE is the final-stage in-memory RAT that operates across multiple threads to handle C2 communication and command execution. It exposes a range of capabilities via a structured command set, including configuration, console access, file and process operations, and plugin support to dynamically load additional payloads. The framework emphasizes memory-only execution and encrypted, compressed exchanges with the C2, aiming to minimize forensic traces and enable long-term, stealthy control managed by an operator.
Threat Analysis
RemotePE is classified as a threat actor of known sophistication and undetermined national origin. Its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning RemotePE
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
The Hacker News · May 25, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
RemotePE, win.remotepe
External Intelligence
Malpedia: win.remotepe
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.