A recently identified command and control framework named Alchemist is written in Golang and ships with scripts that generate the Insekt RAT payload bundled with the framework.
The Insekt RAT is also written in Golang and performs a wide range of tasks, from screen capture to deployment of additional payloads.
The Talos research team has attributed the framework and the remote access trojan to Chinese threat actors and has moderate confidence that the malware is being used in the wild.
The malware targets Windows, Linux and macOS systems; it may exploit the vulnerability CVE-2021-4034, deliver tools such as PsExec, SMBExec and FSCAN, and use native OS binaries to accomplish the threat actor's objectives.
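The tooling named above (PsExec, SMBExec, FSCAN, and the pkexec binary affected by CVE-2021-4034) shows up in ordinary process-creation telemetry long before any RAT-specific indicator does. The following is an added detection example, written for this report and not taken from Talos or from the malware itself; it runs over a handful of constructed log lines in a made-up "host|user|parent|image|command_line" format and flags (a) the lateral-movement tools the advisory lists and (b) an argument-less pkexec, which is the precondition CVE-2021-4034 exploitation relies on. Both rules are heuristics that will need tuning against real telemetry; the log format, hostnames and paths are all assumptions.

```python
import re
from dataclasses import dataclass

# Tools the advisory says are delivered alongside the Insekt RAT.
LATERAL_MOVEMENT_TOOLS = {"psexec", "smbexec", "fscan"}

# Constructed sample process-creation events (not real telemetry).
# Hypothetical format: host|user|parent_image|image|command_line
SAMPLE_LOGS = [
    "win-srv01|CORP\\jdoe|cmd.exe|C:\\Tools\\PsExec64.exe|PsExec64.exe \\\\fileserver -s cmd.exe",
    "lnx-web02|www-data|bash|/tmp/fscan|./fscan -h 10.0.0.0/24",
    "lnx-web02|www-data|bash|/usr/bin/pkexec|pkexec",
    "win-srv01|CORP\\jdoe|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe notes.txt",
    "mac-dev03|alice|zsh|/usr/bin/curl|curl https://example.invalid/update",
    "garbled line with no separators",
]


@dataclass
class Finding:
    host: str
    user: str
    image: str
    reason: str


def normalize_image(path: str) -> str:
    """Reduce an image path to a comparable tool name.

    Works for both Windows and POSIX paths, lower-cases the basename and
    strips a trailing '64' and/or '.exe' so 'PsExec64.exe' -> 'psexec'.
    """
    base = re.split(r"[\\/]", path)[-1].lower()
    return re.sub(r"(64)?(\.exe)?$", "", base)


def parse_line(line: str):
    """Split one constructed log line; return None for malformed input."""
    parts = line.split("|")
    if len(parts) != 5:
        return None
    host, user, parent, image, cmdline = parts
    return host, user, parent, image, cmdline


def analyze(lines) -> list:
    """Return a Finding for every event matching one of the two heuristics."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the assumed format
        host, user, _parent, image, cmdline = parsed
        tool = normalize_image(image)

        # Rule 1: known lateral-movement / scanning tool executed.
        if tool in LATERAL_MOVEMENT_TOOLS:
            findings.append(Finding(host, user, image,
                                    f"lateral movement tool executed: {tool}"))
            continue

        # Rule 2: pkexec started with no arguments. CVE-2021-4034 is triggered
        # by running pkexec with an empty argument vector, which in process
        # telemetry appears as an empty or bare command line. Heuristic only.
        if tool == "pkexec" and cmdline.strip() in ("", "pkexec"):
            findings.append(Finding(host, user, image,
                                    "pkexec invoked without arguments "
                                    "(possible CVE-2021-4034 exploitation)"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"{f.host} {f.user}: {f.reason} [{f.image}]")
```

Alerting on the tool name alone is noisy in environments where administrators use PsExec legitimately; in practice the first rule would be scoped to hosts or accounts where such tools are not expected, while the pkexec rule is low-volume and worth keeping as-is on Linux fleets that have not yet patched CVE-2021-4034.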
SkyWatchSM Alert Legend
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, restricted to the Participant's Organization.
Not for Disclosure, Restricted/Classified - Only Shared with US DHS.