Dtrack RAT
Dtrack RAT is a remote access trojan referenced in detection engineering updates that improved identification of its command-line activity. Those updates refined the detection logic for a unique ping command-line pattern associated with Dtrack RAT, and more broadly improved the rules covering Turla, Dtrack RAT, and general network discovery activity by using regular expressions to better resist whitespace-based evasion. The high-confidence behavior attributed to this malware is therefore command-line activity involving a distinctive ping pattern and network discovery-related execution. The source content does not directly provide an infection vector, malware family lineage, targeted industries, an associated threat actor, platform scope, or concrete indicators of compromise beyond the unique ping command-line pattern.
Recent activity
2 sources tracked across advisories, community write-ups, and news.
Dtrack RAT is a remote access trojan known for its unique command-line patterns and is detected through specific behavioral signatures.
Dtrack RAT is a remote access trojan used for persistent access and control over compromised systems. It is known for its use in targeted attacks and espionage operations.