TLP-GREEN
A recently identified command and control framework named Alchemist is written in Golang and uses scripts to generate payloads for the Insekt RAT that accompanies the framework.
The Insekt RAT is also built in Golang and performs a wide range of tasks, from screen capture to the deployment of additional payloads.
The Talos research team has attributed the framework and the remote access trojan to Chinese threat actors and has moderate confidence that the malware is being used in the wild.
The malware targets Windows, Linux and macOS systems; it may exploit the vulnerability CVE-2021-4034, deliver tools such as PsExec, SMBExec and FSCAN, and use native OS binaries to accomplish the threat actor's objectives.
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
TLP-White
Disclosure is Not Limited.
TLP-Green
Limited Disclosure, Restricted Only to the Community.
TLP-Amber
Limited Disclosure, Restricted to the Participant's Organization.
TLP-Red
Not for Disclosure, Restricted/Classified - Only Shared with US DHS.