In November 2022, researchers intercepted a threat that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool (Trojan.Linux.CHAOSRAT), which is based on an open source project.
REFERENCES: https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html
MALWARE FAMILY: ChaosRAT
ATT&CK IDS: T1053 - Scheduled Task/Job, T1113 - Screen Capture, T1496 - Resource Hijacking, T1133 - External Remote Services, T1190 - Exploit Public-Facing Application, T1046 - Network Service Scanning, T1087 - Account Discovery, T1059 - Command and Scripting Interpreter, T1219 - Remote Access Software, T1065 - Uncommonly Used Port, T1437 - Standard Application Layer Protocol, T1041 - Exfiltration Over C2 Channel, T1529 - System Shutdown/Reboot, T1499 - Endpoint Denial of Service, T1565 - Data Manipulation