This is a guest post by independent security researcher James Quinn. This will be Part 1 of a series titled Reversing Gh0stRAT Variants.

As 2018 drew to a close and 2019 took over, I began to see a different behavior from SMB malware authors. Instead of massive, multi-staged cryptocurrency miners, I began to see more small, covert RATs serving as partial stage1’s. Of these samples, there was one specific sample that stood out to me. A Gh0stRAT variant, this
— Read on www.alienvault.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant