Intel Name: Behind the Walls: Techniques and Tactics in Castle RAT Client Malware
Date of Scan: December 26, 2025
Impact: High
Summary: Multiple threat groups are deploying a variety of malware to compromise hosts and networks, with CastleRAT emerging as one of the latest payloads observed this year. First identified around March 2025, CastleRAT is a Remote Access Trojan available in two primary variants: a Python-based version and a compiled C version. While both share the same core objectives, they differ in functionality and propagation methods. The Python variant is more lightweight and easier to analyze, whereas the C variant is more robust and supports additional capabilities.