Cisco Talos researchers have found multiple malicious campaigns targeting government and financial entities around the world using the Revenge and Orcus remote access trojans (RATs). The campaigns are linked together by several unique tactics, techniques, and procedures (TTPs), including command and control (C2) infrastructure obfuscation, analysis evasion, and persistence techniques leveraged by fileless malware strains. The campaigns' operators use Dynamic Domain Name System (DDNS) to conceal their C2 servers, a popular method of hiding command and control infrastructure.
Source: https://www.bleepingcomputer.com/news/security/attackers-target-govt-and-financial-orgs-with-orcus-revenge-rats/