APT / THREAT GROUP
oRAT
2 aliases
Last seen: Mar 17, 2026
Intelligence Profile
SentinelOne describes this as malware written in Go that mixes its own custom code with code from public repositories.
Threat Analysis
oRAT is profiled as a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning oRAT
Warning Over “Industrialized” Cyber-Attacks After Ransomware Gang Partners With TeamPCP
Infosecurity Magazine · Jul 3, 2026
Medtronic Data Breach Impacts 3.8 Million People
SecurityWeek · Jul 3, 2026
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
Dark Reading · Jul 2, 2026
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
The Hacker News · Jul 2, 2026
Kubota says hackers had month-long access to network systems
BleepingComputer · Jul 1, 2026
ToddyCat: your hidden email assistant. Part 2
Securelist (Kaspersky) · Jun 30, 2026
Blackfield ransomware asks Nidec Corporation for $2 million ransom
BleepingComputer · Jun 30, 2026
Data breach exposes up to 14.2 million email logins at six ISPs
BleepingComputer · Jun 28, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 2
Also Known As
oRAT, osx.orat
External Intelligence
Malpedia: osx.orat
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.