#drat — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #drat, aggregated by home.social.
-
UAT-8302 and its box full of malware
UAT-8302 is a sophisticated China-nexus advanced persistent threat group targeting government entities in South America since late 2024 and southeastern Europe in 2025. The actor deploys multiple custom-made malware families including NetDraft, a .NET-based backdoor variant of FinalDraft/SquidDoor, and CloudSorcerer version 3. Post-compromise activities involve extensive reconnaissance, credential extraction, information collection from Active Directory, and network proliferation using tools like Impacket. The group establishes persistence through scheduled tasks and deploys additional malware including VSHELL, SNAPPYBEE/DeedRAT, and ZingDoor. UAT-8302 demonstrates connections to several China-nexus threat clusters through shared tooling, including Draculoader and SNOWLIGHT stager. The actor uses legitimate services like MS Graph and OneDrive for command-and-control infrastructure and establishes backdoor access through proxy servers using tools written in Simplified Chinese.
Pulse ID: 69f9f99c0dc1060430bf089e
Pulse Link: https://otx.alienvault.com/pulse/69f9f99c0dc1060430bf089e
Pulse Author: AlienVault
Created: 2026-05-05 14:07:24
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #China #Chinese #Cloud #CyberSecurity #DRat #EDR #EasternEurope #Europe #Government #InfoSec #Malware #NET #OTX #OpenThreatExchange #Proxy #RAT #RCE #SouthAmerica #bot #AlienVault
-
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and macOS Backdoors
Pulse ID: 69f97a983da6af26addef4ba
Pulse Link: https://otx.alienvault.com/pulse/69f97a983da6af26addef4ba
Pulse Author: Tr1sa111
Created: 2026-05-05 05:05:28
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #DRat #InfoSec #Linux #Mac #MacOS #OTX #OpenThreatExchange #Python #RAT #bot #Tr1sa111
-
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and macOS Backdoors
An ongoing campaign has been discovered delivering Linux and macOS backdoors through poisoned Python packages uploaded to PyPI repository. The activity is attributed with medium confidence to Gleaming Pisces, a North Korean financially motivated threat actor affiliated with the Reconnaissance General Bureau. The campaign delivered PondRAT, identified as a lighter version of the known POOLRAT remote administration tool. Multiple malicious packages including real-ids, coloredtxt, beautifultext, and minisound were used to establish an evasive infection chain. The threat actor aims to compromise supply chain vendors through developer endpoints to ultimately access their customers' systems. Code analysis reveals significant similarities between PondRAT and previously attributed Gleaming Pisces malware, including identical function names, encryption keys, and execution flows. Both Linux and macOS variants were identified, demonstrating the group's expanding cross-platform capabilities targeting the cryptocurrenc...
Pulse ID: 69f837f3d2d59a26f6d3acf3
Pulse Link: https://otx.alienvault.com/pulse/69f837f3d2d59a26f6d3acf3
Pulse Author: AlienVault
Created: 2026-05-04 06:08:51
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #DRat #Encryption #Endpoint #InfoSec #Korea #Linux #Mac #MacOS #Malware #NorthKorea #OTX #OpenThreatExchange #PyPI #Python #RAT #SupplyChain #bot #AlienVault
-
Also, #survHEhmc (to run Bayesian modelling for survival analysis in HTA using HMC/pre-compiled @mcmc_stan models) and #survHMCinla (to run some Bayesian models for survival analysis in HTA using INLA) are now updated on GitHub and available via the #drat repo.
-
Oh #drat, there's already such a thing as a "St. Clement's cake" – I thought I'd cleverly invented the name by noting the nursery rhyme reference… I suppose it was an obvious observation.
I just duck-searched it on a whim to find documented recipes all over the place. lol
Interestingly this example has almond involved too, so my addition of marzipan isn't even inventive.
Someone once said "there's nothing new in the kitchen," and I suspect that's probably right.
-
Hmm, two hour delay on receiving AT&T phone messages today. Missed the call from the plumber (didn't ring here, either). #drat