Threat Intelligence Report

Behind the Walls: Techniques and Tactics in Castle RAT Client Malware | Splunk

📅 December 6, 2025 📰 www.splunk.com 🔍 1 CVE(s) referenced

CastleRAT is a sophisticated remote access trojan actively deployed in 2025, featuring stealthy C and Python variants that enable attackers to exfiltrate sensitive data, hijack user sessions, escalate privileges, and maintain persistent control over compromised Windows systems through advanced techniques like clipboard scraping, keylogging, browser hijacking, and UAC bypass.

vendor

CVE-2020-0601

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle