CastleBot

Recorded Future’s Insikt Group identified four clusters using the CastleLoader malware loader, assigned the operator the name GrayBravo, and detailed distinct tactics, payloads and a multi-tiered infrastructure while noting the loader’s proliferation among other threat actors.