{"id":34464,"date":"2020-04-17T15:22:51","date_gmt":"2020-04-17T15:22:51","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31130\/PoetRAT-Trojan-Targets-Energy-Sector-Using-Coronavirus-Lures.html"},"modified":"2020-04-17T15:22:51","modified_gmt":"2020-04-17T15:22:51","slug":"poetrat-trojan-targets-energy-sector-using-coronavirus-lures","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/","title":{"rendered":"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/r\/2020\/04\/17\/8f4602c4-9571-411f-8c0c-a4f674cd7dfe\/thumbnail\/770x578\/b9bdb4978368116815cd6f14d25da226\/cd.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Government and energy sectors are being targeted in a new campaign that weaponizes the <span class=\"link\"><a href=\"https:\/\/www.cbsnews.com\/feature\/coronavirus\/\" data-omniture-track=\"moduleClick\" data-omniture-track-data=\"{&quot;moduleInfo&quot;: &quot;link_anchor&quot;, &quot;pageType&quot;: &quot;article&quot;}\" rel=\"noopener noreferrer\" target=\"_blank\" data-component=\"externalLink\">coronavirus<\/a><\/span> outbreak.&nbsp;<\/p>\n<p>On Thursday, Cisco Talos researchers Warren Mercer, Paul Rascagneres and Vitor Ventura <a href=\"https:\/\/blog.talosintelligence.com\/2020\/04\/poetrat-covid-19-lures.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">published an analysis<\/a> of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) striking both the Azerbaijan government and utility companies.&nbsp;<\/p>\n<p>According to the team, the malware attacks supervisory control and data acquisition (SCADA) systems, commonly used to manage energy networks and manufacturing systems.&nbsp;<\/p>\n<p>In this case, ICS and SCADA systems relating to wind 
turbines within the renewable energy sector appear to be of interest to the threat actors behind the campaign, whose identities are currently unknown.&nbsp;<\/p>\n<p>Talos says that intended victims receive phishing emails with malicious Microsoft Word documents attached. Three separate phishing attempts have been spotted, including a document labeled &#8220;C19.docx,&#8221; likely a reference to the COVID-19 pandemic; as well as content claiming to be from departments from the Azerbaijan government and India&#8217;s Ministry of Defense.&nbsp;<\/p>\n<p>&#8220;We believe the adversaries, in this case, want to target citizens of the country Azerbaijan, including private companies in the SCADA sector like wind turbine systems,&#8221; the researchers say.<\/p>\n<p>If a document is opened and its malicious macros are enabled, a dropper executes to deploy PoetRAT &#8212; named so due to references in the code to playwright William Shakespeare.&nbsp;<\/p>\n<p>Rather than being loaded directly as an executable, the malware is written to disk as an archive named &#8220;smile.zip.&#8221; The .zip file contains a Python script and interpreter, and the Word macro checks for a sandbox environment &#8212; making the assumption that sandbox hard drives will be smaller than 62GB &#8212; before extraction. 
If a sandbox environment is detected, the malware is overwritten and deleted.&nbsp;<\/p>\n<p>Written in Python, the Trojan is made up of two main scripts. The first, &#8220;frown.py,&#8221; is used to communicate with the malware&#8217;s command-and-control (C2) server. TLS encryption is used to send information from an infected machine to the Trojan&#8217;s operators.&nbsp;<\/p>\n<p>The second script, &#8220;smile.py,&#8221; executes a range of other commands, such as directory listing, exfiltrating PC information, taking screenshots, copying, moving, and archiving content, uploading stolen files, and killing, clearing, or terminating processes. It is also possible for PoetRAT to seize control of webcams and steal passwords.<\/p>\n<p>An interesting tool noticed by the researchers is dog.exe, a .NET malware module that monitors hard drive paths and automatically exfiltrates data via either an email account or FTP.<\/p>\n<p>To maintain persistence, the malware creates registry keys and may make modifications to the registry itself to bypass sandbox evasion checks.&nbsp;<\/p>\n<p>&#8220;This could be used for hosts already infected to ensure they do not re-check this environment,&#8221; Talos says.&nbsp;<\/p>\n<p>In addition to the main Trojan attack wave, the team also found a phishing website hosted on the same infrastructure that mimics the 
webmail system of the Azerbaijan government.<\/p>\n<p>&#8220;The actor monitored specific directories, signaling they wanted to exfiltrate certain information on the victims,&#8221; Talos says. &#8220;Based on our research, the adversaries may have wanted to obtain important credentials from officials in Azerbaijan&#8217;s government. The attacker wanted not only specific information obtained from the victims but also a full cache of information relating to their victim.&#8221;<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31130\/PoetRAT-Trojan-Targets-Energy-Sector-Using-Coronavirus-Lures.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34465,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8584],"class_list":["post-34464","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackeremailvirusfraudphishscada"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-17T15:22:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures\",\"datePublished\":\"2020-04-17T15:22:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/\"},\"wordCount\":608,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg\",\"keywords\":[\"headline,hacker,email,virus,fraud,phish,scada\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/\",\"name\":\"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg\",\"datePublished\":\"2020-04-17T15:22:51+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"
position\":2,\"name\":\"headline,hacker,email,virus,fraud,phish,scada\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackeremailvirusfraudphishscada\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/","og_locale":"en_US","og_type":"article","og_title":"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-04-17T15:22:51+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures","datePublished":"2020-04-17T15:22:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/"},"wordCount":608,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg","keywords":["headline,hacker,email,virus,fraud,phish,scada"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/","url":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/","name":"PoetRAT Trojan Targets Energy Sector Using Coronavirus Lures 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg","datePublished":"2020-04-17T15:22:51+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures.jpg","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/poetrat-trojan-targets-energy-sector-using-coronavirus-lures\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,email,virus,fraud,phish,scada","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackeremailvirusfraudphishscada\/"},{"@type":"ListItem","position":3,"name":"PoetRAT Trojan Targets Energy 
Sector Using Coronavirus Lures"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/s
chema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34464","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34464"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34464\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34465"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}