ModeloRAT
ModeloRAT is a previously undocumented Python-based Windows remote access trojan (RAT) associated with the KongTuke initial access broker / traffic distribution system. It has been delivered in multiple KongTuke campaigns, including fake CAPTCHA / ClickFix and CrashFix web lures on compromised WordPress sites, malicious browser-extension-driven social engineering, nslookup-based ClickFix chains, and Microsoft Teams chats in which attackers impersonate IT or help-desk staff and convince victims to run malicious PowerShell commands. Multiple reports state that KongTuke selectively deploys ModeloRAT to corporate or domain-joined hosts.
Observed delivery chains include Dropbox-hosted ZIP archives and bundled portable WinPython environments such as WPy64-31401. In Huntress reporting, a domain-joined host received a Dropbox archive that launched modes.py, identified as ModeloRAT. In later reporting, the primary payload was identified as Pmanager.py executed via scriptA.vbs and a Startup shortcut named StartManagerB.lnk. The malware has also been described as being dropped into AppData and launched from %APPDATA%\WPy64-31401 using pythonw.exe.
Capabilities directly described in the source material include collection of system and user information, screenshot capture, file exfiltration from the host filesystem, and hands-on remote access. Reporting also states that newer variants maintain multiple independent access paths, including a primary RAT, a reverse shell, and a TCP backdoor; support self-update; use randomized URL paths; and implement automatic failover across a five-server command-and-control pool.
Persistence mechanisms reported across campaigns include a Run key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run, value name "MonitoringService"), Windows Startup shortcuts, VBScript launchers, and scheduled tasks, including randomly named tasks and a SYSTEM-level scheduled task that reportedly survives the implant's self-destruct routine and system reboots. One report notes a six-second delay before Python execution, intended to evade shallow sandboxing and simple detections.
Command-and-control details vary by version. Huntress reported an earlier ModeloRAT variant using RC4-encrypted HTTP communications over port 80 to the hardcoded C2 IPs 170.168.103[.]208 and 158.247.252[.]178. Later reporting described a more resilient architecture: three independent C2 paths, each on its own infrastructure, backed by a five-server pool with automatic failover. Additional C2 IPs reported for an updated variant are 45.61.136[.]94, 64.95.10[.]14, 64.95.12[.]238, 64.95.13[.]76, and 162.33.179[.]149.
The malware is consistently tied to enterprise targeting. Reports state it is reserved exclusively for domain-joined hosts or deployed only on corporate systems, and campaigns specifically target corporate environments via externally federated Microsoft Teams chats or enterprise users reached through KongTuke web lures. Related artifacts and filenames mentioned in reporting include modes.py, Pmanager.py, scriptA.vbs, StartManagerB.lnk, WPy64-31401, and the MonitoringService Run key value.
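As a defender's starting point, the following is an added example (not code from any of the cited reports or from Mallory) that screens Sysmon-style endpoint events for the host artifacts named above: the portable WPy64-31401 tree under %APPDATA%, pythonw.exe launches of modes.py, Pmanager.py or run.pyw, the scriptA.vbs wrapper, the StartManagerB.lnk Startup shortcut and the MonitoringService Run value. The event field names, the sample events and the subfolder that holds pythonw.exe inside the WinPython tree are constructed assumptions; adapt the field names to your EDR or SIEM schema.

```python
"""Hunt for ModeloRAT host artifacts in endpoint telemetry.

Constructed example: the event records below imitate Sysmon-style
process-create, registry-set and file-create events. Field names
(EventType, Image, CommandLine, ParentCommandLine, TargetObject,
TargetFilename) are assumptions for this illustration. The indicators
themselves (WPy64-31401, pythonw.exe, scriptA.vbs, StartManagerB.lnk,
modes.py, Pmanager.py, run.pyw, MonitoringService) are the ones named in
public reporting on this family.
"""
import re

# Indicators from public reporting, expressed as case-insensitive regexes.
PORTABLE_PYTHON_DIR = re.compile(r"\\AppData\\Roaming\\WPy64-31401\\", re.I)
PYTHON_IMAGE = re.compile(r"\\pythonw?\.exe$", re.I)
PAYLOAD_SCRIPTS = re.compile(r"\b(modes|Pmanager)\.py\b|\brun\.pyw\b", re.I)
VBS_LAUNCHER = re.compile(r"\bscriptA\.vbs\b", re.I)
RUN_KEY_VALUE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MonitoringService$", re.I)
STARTUP_LNK = re.compile(
    r"\\Start Menu\\Programs\\Startup\\StartManagerB\.lnk$", re.I)


def check_process(ev):
    """Python started from the bundled WinPython tree, or via the VBS wrapper."""
    hits = []
    image = ev.get("Image", "")
    cmd = ev.get("CommandLine", "")
    parent_cmd = ev.get("ParentCommandLine", "")
    if PYTHON_IMAGE.search(image) and PORTABLE_PYTHON_DIR.search(image):
        hits.append("python from %APPDATA%\\WPy64-31401")
    if PAYLOAD_SCRIPTS.search(cmd):
        hits.append("known payload script name on command line")
    if VBS_LAUNCHER.search(cmd) or VBS_LAUNCHER.search(parent_cmd):
        hits.append("scriptA.vbs launcher")
    return hits


def check_registry(ev):
    """Run-key value name reported for this family."""
    hits = []
    if RUN_KEY_VALUE.search(ev.get("TargetObject", "")):
        hits.append("HKCU Run value MonitoringService")
    return hits


def check_file(ev):
    """Startup shortcut and VBScript wrapper dropped under the roaming profile."""
    hits = []
    name = ev.get("TargetFilename", "")
    if STARTUP_LNK.search(name):
        hits.append("Startup shortcut StartManagerB.lnk")
    if VBS_LAUNCHER.search(name) and re.search(r"\\AppData\\", name, re.I):
        hits.append("scriptA.vbs written under AppData")
    return hits


CHECKS = {"ProcessCreate": check_process,
          "RegistryValueSet": check_registry,
          "FileCreate": check_file}


def triage(events):
    """Return one finding per event that matches at least one indicator."""
    findings = []
    for ev in events:
        check = CHECKS.get(ev.get("EventType"))
        hits = check(ev) if check else []
        if hits:
            findings.append({"host": ev.get("Host"), "type": ev["EventType"],
                             "indicators": hits})
    return findings


# Constructed sample telemetry (not real logs): one benign Python launch,
# then the drop-and-launch chain described in reporting. The "python"
# subfolder inside WPy64-31401 is an assumed layout.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Host": "WS-ACCT-07",
     "Image": r"C:\Program Files\Python312\python.exe",
     "CommandLine": r'"C:\Program Files\Python312\python.exe" build.py',
     "ParentCommandLine": r"C:\Windows\System32\cmd.exe"},
    {"EventType": "FileCreate", "Host": "WS-ACCT-07",
     "TargetFilename": r"C:\Users\jdoe\AppData\Roaming\scriptA.vbs"},
    {"EventType": "FileCreate", "Host": "WS-ACCT-07",
     "TargetFilename": r"C:\Users\jdoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StartManagerB.lnk"},
    {"EventType": "RegistryValueSet", "Host": "WS-ACCT-07",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\MonitoringService"},
    {"EventType": "ProcessCreate", "Host": "WS-ACCT-07",
     "Image": r"C:\Users\jdoe\AppData\Roaming\WPy64-31401\python\pythonw.exe",
     "CommandLine": r'"C:\Users\jdoe\AppData\Roaming\WPy64-31401\python\pythonw.exe" Pmanager.py',
     "ParentCommandLine": r'wscript.exe "C:\Users\jdoe\AppData\Roaming\scriptA.vbs"'},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["host"], f["type"], "; ".join(f["indicators"]))
```

The process check is the strongest of the three: a pythonw.exe image under a roaming-profile WinPython tree whose parent is wscript.exe running scriptA.vbs stacks three independent indicators on one event, whereas a lone Startup .lnk or Run value is worth confirming against the file and process checks before escalating.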
Groups observed using it
1 distinct threat actor attributed by public researchers.
XorBee RAT is related to ModeloRAT. Both are served by KongTuke. Huntress wrote up ModeloRAT on 2026-01-16.
Techniques & procedures
26 distinct techniques documented for this family, organized by ATT&CK tactic.
Resource Development
1 technique
KongTuke uses compromised WordPress websites and fake CAPTCHA lures to deliver a Python-based trojan called ModeloRAT.
Initial Access
3 techniques
Highly trusted WordPress websites are being compromised as part of an ongoing, widespread campaign designed to inject a ClickFix implant impersonating a Cloudflare human verification challenge.
KongTuke has moved to external Microsoft Teams chats for initial access... Threat actors are now actively masquerading as corporate help-desk staff or internal IT support representatives over external Microsoft Teams chat requests.
Cybercriminals have increasingly adopted Microsoft Teams in attacks, reaching out to company employees and pretending to be IT and help-desk staff.
Execution
8 techniques
Expanded persistence mechanisms using Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks that may survive standard cleanup procedures.
The attackers inject malicious JavaScript into legitimate WordPress websites that prompt users to run a PowerShell command responsible for initiating a multi-stage infection process to deploy the trojan.
The response from https://plein-soleil[.]top/o is an obfuscated PowerShell script which is piped straight to PowerShell without creating a file.
The loader writes a standalone VBScript wrapper file named scriptA.vbs... Every time the user logs on, the shortcut executes the VBScript wrapper
KongTuke drops its proprietary, custom Python loader... the shortcut executes the VBScript wrapper, which in turn invokes the primary payload (Pmanager.py) leveraging a portable, bundled Python runtime engine (WPy64-31401) hidden in the filesystem.
KongTuke infects legitimate websites and uses the ClickFix technique to convince victims to run malware.
This will try to convince the user to copy and paste a short malicious script into a command prompt.
Persistence
4 techniques
Expanded persistence mechanisms using Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks that may survive standard cleanup procedures.
Every time the user logs on, the shortcut executes the VBScript wrapper, which in turn invokes the primary payload
The loader writes a standalone VBScript wrapper file named scriptA.vbs alongside a standard Windows Startup folder shortcut labeled StartManagerB.lnk under the user’s roaming application directory. Every time the user logs on, the shortcut executes the VBScript wrapper
Privilege Escalation
4 techniques
Expanded persistence mechanisms using Run keys, Startup shortcuts, VBScript launchers, and SYSTEM-level scheduled tasks that may survive standard cleanup procedures.
Every time the user logs on, the shortcut executes the VBScript wrapper, which in turn invokes the primary payload
The loader writes a standalone VBScript wrapper file named scriptA.vbs alongside a standard Windows Startup folder shortcut labeled StartManagerB.lnk under the user’s roaming application directory. Every time the user logs on, the shortcut executes the VBScript wrapper
Stealth
4 techniques
The run.pyw Python script is obfuscated with the use of zlib compression and base64.
Hackers have been found hijacking Teams accounts to impersonate IT support staff... The payload was then unpacked and executed using a bundled portable Python environment, a technique that helps the malware blend in with legitimate software activity on the infected system and avoid early detection.
Discovery
3 techniques
The malware collects system and user information, captures screenshots, and can exfiltrate files from the host filesystem.
Collection
1 technique
The malware collects system and user information, captures screenshots, and can exfiltrate files from the host filesystem.
Command and Control
4 techniques
ModeloRAT connects using HTTP to the beacon URL http://{C2_IP}:80/beacon/{client_id} ... Whereas XorBee RAT connects using TCP to port 4444 using a simple socket.
KongTuke campaigns have also been spotted using DNS TXT records in their ClickFix script. These DNS TXT records stage a command to retrieve and run a PowerShell script.
curl is used to fetch a payload from https://oeannon[.]com/t2 , which in turn fetches and executes from https://plein-soleil[.]top/o.
Multiple independent access paths, including a primary RAT, a reverse shell, and a TCP backdoor, running on separate infrastructure to preserve access if one channel is disrupted.
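For the network side, here is an added example (not from the cited reports or from Mallory) that scores constructed web-proxy records against the indicators quoted on this page: the /beacon/{client_id} URL shape, plaintext HTTP on port 80 to a bare IP literal, and the published C2 addresses (refanged for matching). The log format, field order and sample records are assumptions. Because newer variants are reported to randomize URL paths, the example requires two independent signals rather than relying on the path alone.

```python
"""Match web-proxy records against ModeloRAT C2 indicators.

Constructed example: records use a simplified space-separated format
assumed for this illustration:
    <ts> <src_ip> <dst_ip> <dst_port> <method> <host_header> <path> <status>
The beacon path shape (/beacon/<client_id>) and the C2 addresses come from
the public reporting quoted on this page; everything else is illustrative.
"""
import ipaddress
import re

# C2 addresses published for this family (defanged on the page, refanged here
# for matching). Known-bad lists go stale: treat as one signal among several.
KNOWN_C2 = {ipaddress.ip_address(a) for a in (
    "170.168.103.208", "158.247.252.178",
    "45.61.136.94", "64.95.10.14", "64.95.12.238", "64.95.13.76",
    "162.33.179.149")}

# Older variant: fixed /beacon/<client_id> path. Newer variants randomize
# paths, so this regex alone will miss them.
BEACON_PATH = re.compile(r"^/beacon/[A-Za-z0-9_-]+$")


def parse_line(line):
    """Split one constructed proxy record into typed fields."""
    ts, src, dst, port, method, host, path, status = line.split()
    return {"ts": ts, "src": src, "dst": ipaddress.ip_address(dst),
            "port": int(port), "method": method, "host": host,
            "path": path, "status": int(status)}


def score(rec):
    """Return the list of reasons this request looks like ModeloRAT C2."""
    reasons = []
    if rec["dst"] in KNOWN_C2:
        reasons.append("destination in published C2 list")
    if BEACON_PATH.match(rec["path"]):
        reasons.append("beacon URL shape /beacon/<client_id>")
    # Hardcoded-IP C2 shows up as HTTP on port 80 with an IP literal, not a
    # hostname, in the Host header. Weak alone; strong with the other two.
    if rec["port"] == 80 and rec["host"] == str(rec["dst"]):
        reasons.append("plaintext HTTP to bare IP on port 80")
    return reasons


def hunt(lines, min_reasons=2):
    """Records with at least min_reasons matching signals, in log order."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        reasons = score(rec)
        if len(reasons) >= min_reasons:
            hits.append((rec["ts"], rec["src"], str(rec["dst"]), reasons))
    return hits


# Constructed sample proxy records (not real traffic). The first is ordinary
# HTTPS browsing; the fourth is plain HTTP to an IP literal with no other
# signal; the rest reflect the two reported C2 styles.
SAMPLE_LOG = [
    "2026-01-16T09:00:01Z 10.20.5.44 198.51.100.7 443 GET www.example.com /index.html 200",
    "2026-01-16T09:00:07Z 10.20.5.44 170.168.103.208 80 GET 170.168.103.208 /beacon/7f3a9c1e 200",
    "2026-01-16T09:01:07Z 10.20.5.44 170.168.103.208 80 POST 170.168.103.208 /beacon/7f3a9c1e 200",
    "2026-01-16T09:02:00Z 10.20.5.51 203.0.113.9 80 GET 203.0.113.9 /update/check 304",
    "2026-01-16T09:03:12Z 10.20.5.44 45.61.136.94 80 GET 45.61.136.94 /x9q2/kd83 200",
]

if __name__ == "__main__":
    for ts, src, dst, reasons in hunt(SAMPLE_LOG):
        print(ts, src, "->", dst, "|", "; ".join(reasons))
```

Lowering `min_reasons` to 1 surfaces every bare-IP HTTP request on port 80, which is noisy in most estates but a useful sweep once one host has already matched; raising it to 3 isolates the older fixed-path variant only.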
Exfiltration
1 technique
The malware collects system and user information, captures screenshots, and can exfiltrate files from the host filesystem.
IOCs tracked for this family
5 indicators attributed across vendor reports, sandbox runs, and researcher write-ups: IPs, domains, and DNS infrastructure linked to this family.
Recent activity
37 sources tracked across advisories, community write-ups, and news.
A remote access toolkit deployed by KongTuke after a malicious PowerShell execution. It is designed for resilient persistence and survivability, using three independent command-and-control paths on separate infrastructure and persistence across four triggers.
Python-based remote access malware delivered via a malicious PowerShell command. It downloads through a ZIP archive containing a portable WinPython environment, then establishes persistent access, collects system and user information, captures screenshots, exfiltrates files, and maintains multiple access channels including a primary RAT, reverse shell, and TCP backdoor.
A remote access trojan delivered via fake or hijacked Microsoft Teams accounts and obfuscated PowerShell commands. It drops a ZIP archive into AppData, unpacks a portable Python environment, performs reconnaissance, communicates with command-and-control servers, and establishes persistence via Windows startup registry keys and randomly named scheduled tasks while evading detection.
Python RAT related to XorBee RAT and served by KongTuke. It uses obfuscation, RC4 encryption for C2 communications, persistence via the Windows Registry, and supports multiple payload types including executables, DLLs, and Python scripts.