DRAT V2: Updated DRAT Emerges in Arsenal
Essential information
- Published
- 23/06/2025 18:23
- Modified
- 24/06/2025 14:32
- Tags
- 2025-06-23 broaderaspect c2 obfuscation delphi drat drat v2 india remote access trojan
- Related entities
- 8 observables, 1 intrusion sets (apt), 15 techniques (mitre), 2 malware, 4 others
Description
TAG-140, a threat actor group overlapping with SideCopy, has deployed an updated version of their DRAT remote access trojan, dubbed DRAT V2. This new variant, developed in Delphi, introduces enhanced command and control capabilities, including arbitrary shell command execution and improved C2 obfuscation techniques. The malware was distributed through a ClickFix-style social engineering attack, using a cloned Indian Ministry of Defence press portal. DRAT V2 demonstrates TAG-140's ongoing refinement of their tooling and their continued focus on Indian government and defense targets.