BlackBeard
BlackBeard is a Rust-based malware family also known as Archer RAT and RUSTRIC. Group-IB reported that the Rust backdoor CHAR shares a similar structure and development environment with BlackBeard. According to prior reporting, CloudSEK and Seqrite Labs previously flagged BlackBeard as being used by the Iranian threat actor MuddyWater to target entities in the Middle East. The sources summarized here do not directly describe BlackBeard’s full capabilities, infection vector, or indicators of compromise; they cover only its association with MuddyWater, its Rust-based implementation, its aliases, and its reported targeting of Middle Eastern entities.
Groups observed using it
1 distinct threat actor attributed by public researchers.
CHAR shares a similar structure and development environment as the Rust-based malware BlackBeard (aka Archer RAT and RUSTRIC)...
Recent activity
2 sources tracked across advisories, community write-ups, and news.
Rust-based RAT/backdoor previously reported as used by MuddyWater to target entities in the Middle East; mentioned here due to code/structure similarities with CHAR.
Rust-based malware previously reported as used by MuddyWater to target entities in the Middle East; mentioned as structurally similar to CHAR.