The odd case of a Gh0stRAT variant | AT&T Alien Labs

This is a guest post by independent security researcher James Quinn. This will be Part 1 of a series titled Reversing Gh0stRAT Variants. As 2018 drew to a close and 2019 took over, I began to see a different behavior from SMB malware authors.  Instead of massive, multi-staged cryptocurrency miners, I began to see more small, covert RATs serving as partial stage1’s.  Of these samples, there was one specific sample that stood out to me.  A Gh0stRAT variant, this
— Read on www.alienvault.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s