Tag: gh0strat

6 Attack Reports | 0 Vulnerabilities

Attack reports

Statistics Report on Malware Targeting Windows Database Servers in Q2 2025

The analysis team has categorized attacks on MS-SQL and MySQL servers installed on Windows systems during Q2 2025. While the number of targeted systems remains stable, attacks on MS-SQL servers have been decreasing. MySQL servers saw a significant spike in attacks in June 2025. The report provides …
windows
coinminer
anydesk
remcos
gh0strat
cobaltstrike
netcat
mysql
database
ms-sql
2025-08-08
juicypotato
hploader
shadowforce
server security
q2 2025
ahnlab smart defense
clrshell
mykings
attack statistics
loveminer
Published: August 8, 2025
Downloadable IOCs: 9

Legacy Driver Exploitation Through Bypassing Certificate Verification

A new security threat using the Legacy Driver Exploitation technique has been identified, focusing on remote system control via Gh0stRAT malware. The attack distributes malware through phishing and messaging apps, utilizing DLL side-loading for additional payloads. A modified TrueSight.sys driver b…
gh0strat
dll side-loading
avkiller
2025-03-18
padding manipulation
legacy driver exploitation
CVE-2013-3900
certificate verification
driver vulnerability
truesight.sys
Published: March 18, 2025
Downloadable IOCs: 3

Chinese Malware Delivery Websites

A cluster of over 400 domains have been registered since June 2024 to host spoofed websites delivering malware to Chinese-speaking users. The sites imitate popular applications like web browsers, VPNs, messaging apps, and crypto wallets. Identified malware includes Gh0stRAT, ValleyRAT, RemKos RAT, …
apt
credential theft
redline
gh0strat
valleyrat
lummastealer
malware delivery
2025-01-16
farfli
remote access trojans
chinese-speaking users
remkos rat
spoofed websites
hack-for-hire
Published: January 16, 2025
Downloadable IOCs: 526

Meet UULoader: An Emerging and Evasive Malicious Installer

An analysis uncovered a malicious installer dubbed 'UULoader', which employs creative techniques to evade detection, including file header stripping, side-loading legitimate executables, and obfuscation. This multi-staged approach to payload delivery proves effective at evading static detection, as…
gh0strat
mimikatz
2024-08-20
uuloader
Published: August 20, 2024
Downloadable IOCs: 23

Attack Case against HFS (HTTP File Server) Server (Suspected CVE-2024-23692)

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …
backdoor
exploit
rat
xmrig
vulnerability
plugx
gh0strat
CVE-2024-23692
cobaltstrike
korplug
destroyrat
xenorat
2024-07-03
gothief
Published: July 3, 2024
Linked vulnerabilities : CVE-2024-23692 (CVSS 9.8)
Downloadable IOCs: 14

SugarGh0st RAT Used to Target American Artificial Intelligence Experts

This intelligence report provides details about a SugarGh0st RAT campaign conducted by an unattributed threat actor, tracked as UNK_SweetSpecter, targeting organizations in the United States involved in artificial intelligence (AI) efforts across academia, private industry, and government. The camp…
rat
phishing
2024-05-16
2024-05-11
sugargh0st
ai
gh0strat
sugargh0st rat
Published: May 16, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports