CRAT wants to plunder your endpoints – Cisco Blogs

Cisco Blogs / Security / Threat Research / CRAT wants to plunder your endpoints

Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT.
Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint.
One of the plugins is a ransomware known as “Hansom.”
CRAT has been attributed to the Lazarus APT Group in the past.
The RAT consists of multiple obfuscation techniques to hide strings, API names, command and control (C2) URLs and instrumental functions, along with static detection evasion.
The attack also employs a multitude of anti-infection checks to evade sandbox based detection systems.

What’s new?

Cisco Talos has recently discovered a new version of the CRAT malware family. This version consists of multiple RAT capabilities, additional plugins and a variety of detection-evasion techniques. In the past, CRAT has been attributed to the Lazarus Group, the malicious threat actors behind multiple cyber campaigns, including attacks against the entertainment sector.

Indicators and tactics, techniques and procedures (TTPs) discovered by this investigation resemble those of the Lazarus Group.

CRAT wants to plunder your endpoints – Cisco Blogs

What’s new?

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)

Related Post

What’s new?

VMWARE

Configuration Templates