Jun 12, 2026
C2 Hosts: 4
EtherRAT
According to sysdig, EtherRAT uses Ethereum smart contracts for C2 URL resolution. It establishes persistence through five independent mechanisms, ensuring survival across reboots and system maintenance (systemd, xdg, cron, bashrc, profile).
C2 Infrastructure
Hosting/VPS 100%
Last 7 days
| Date | C2 Hosts |
|---|---|
| Jun 12, 2026 | 4 |
Further Reading
EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2 | Sysdig opens in a new tab
Sysdig TRT analyzes EtherRAT, a novel blockchain-based implant exploiting React2Shell, revealing credential theft, worm propagation, and forensic insights.
sysdig.com
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks | Sysdig opens in a new tab
Discover how the critical React2Shell vulnerability (CVE-2025-55182) is being actively exploited to deploy EtherRAT, a persistent access implant that uses Ethereum smart contracts for blockchain C2...
sysdig.com